Posted on: September 13, 2023, 09:49h.
Last updated on: September 13, 2023, 09:49h.
MGM Resorts International (NYSE: MGM) is still dealing with the impact of a large-scale cybersecurity breach and while the casino operator hasn’t commented to this effect, at least one expert believes the event has the hallmarks of a ransomware attack.
In ransomware infiltrations, hackers essentially hold an entity’s computer systems hostage, forcing victims to pay when their backs are against the wall. As Corporate America, including the gaming industry, is increasingly tasked with safeguarding customer data and is more reliant on technology, the profitability of ransomware attacks is on the rise, too.
If past performance in this industry is an indicator, then we could anticipate MGM paying the ransom if they see no other option,” noted Fergal Lyons, cybersecurity evangelist with Centripetal in comments supplied to Casino.org. “Cybercriminals are finding ransomware to be a lucrative industry, capitalizing on vulnerabilities and exploiting careless employees.”
Late Tuesday, Las Vegas-based MGM issued a statement, saying it “recently identified a cybersecurity issue affecting certain of the Company’s systems” and that it’s working with law enforcement on the matter. However, the casino operator did not use the term “ransomware.” Nor did it mention if the perpetrators of the hack have made financial demands.
If MGM Pays Ransom, It Must Tell Investors
Should it become clear that the Bellagio operator is in fact the victim of a ransomware attack and that a ransom is paid, such information must be disclosed to investors because MGM is a publicly traded company. That mandate was recently instituted by the Securities and Exchange Commission (SEC).
The stipulation is that event be deemed “material,” though the SEC doesn’t outline monetary guidelines for what constitutes material. The commission requires that public companies affected by cyber breaches that cause financial loss file an Item 1.05 Form 8-K within four days after the impacted party confirms material effect.
Some cybersecurity experts believe it’s not surprising that a gaming company was targeted in a large-scale cybersecurity breach because owing to the consume-facing nature of the travel and leisure industry, companies are stewards of copious amounts of sensitive personal data.
“As such, the sector becomes an attractive target for cybercriminals seeking financial gain or to exploit vulnerabilities for malicious purposes,” added Erfan Shadabi, cybersecurity expert with comforte AG. “The MGM Resorts incident is emblematic of this overarching challenge. Recognizing the pivotal role technology plays in enhancing guest experiences, optimizing operations, and facilitating global connectivity, the tourism industry must allocate resources to bolster its cybersecurity posture.”
Big Spending Required by Companies to Up Cybersecurity
Cyber thieves are increasingly cunning and are diversifying the ways in which they can harm corporations and governments, indicating proactive spending is needed. Centripetal’s Lyons observed that cyber criminals are so technologically proficient, that their attacks are now bespoke or tailored to specific industries.
“The MGM hack underscores how digital transformation increases the attack surface and how physical infrastructure can be disrupted by a cyberattack,” said Tom Kellermann, senior vice president of cyber strategy at Contrast Security in the comments. “Guards, guns and vaults cannot defend against cyber-intrusions.”
As for cybersecurity spending, it’s estimated that domestic companies spent nearly $71.7 billion last year on such expenditures and the rule of thumb extoled by some in the tech community is that 9% to 14% of corporate tech budgets should be allocated to cybersecurity.