Final Report
1
Evaluation of MGM Cybersecurity Breach Exposures
Si Yu Wang
November 11, 2023
2
Executive Summary
Critical vulnerabilities were exposed by the MGM Resorts 2023 cybersecurity breach,
which had a significant financial effect of more than $100 million. The analysis highlights the
need for proactive steps by pointing out weaknesses in incident response planning and risk
management. The significance of ongoing risk assessment, comprehensive incident response
strategies, and staff cybersecurity training is highlighted by the lessons learned. The hack is a
warning story that should serve as a reminder to businesses to strengthen their cybersecurity
posture with all-encompassing plans. Protecting financial assets and stakeholder trust while
reducing vulnerability to new cyber risks requires a proactive, flexible strategy that incorporates
these lessons.
3
Table of Contents
Evaluation of MGM Cybersecurity Breach Exposures
Introduc)on ..................................................................................................................................................4
Analysis .........................................................................................................................................................4
Analysis of the Breach ..............................................................................................................................4
MGM Resorts vs. Cybersecurity Standards ...............................................................................................5
Benchmark ...................................................................................................................................................5
Lessons Learned ...........................................................................................................................................5
Proac)ve risk management ......................................................................................................................6
Incident Response Strategy ......................................................................................................................6
Roadmap for Strengthening Cybersecurity ...............................................................................................6
Conclusion ....................................................................................................................................................6
References ....................................................................................................................................................8
4
Introduction
Serious weaknesses in the company's security system were exposed by the 2023 MGM
Resorts cybersecurity breach, which resulted in significant financial losses and highlighted
threats to sensitive consumer data (CNN, 2023). The nature of the event is examined in this
analysis, which compares it to cybersecurity best practices. Important lessons that emphasized
the need for proactive risk management and strong incident response strategies came to light.
The hack serves as a reminder of how important cybersecurity is to overall company stability.
Future cybersecurity resilience is advised to be achieved by ongoing risk assessments, staff
training, and open communication. This event is a fascinating case study that highlights the need
for organizations to strengthen their cybersecurity posture to effectively manage new threats and
protect stakeholder confidence as well as financial assets.
Analysis
Analysis of the Breach
A serious exposure was revealed by the 2023 cybersecurity breach at MGM Resorts,
which exposed a wide range of client data, including private information and critical passport
details (Techcrunch, 2023). The assault, which was carried out by the ALPHV subgroup
Scattered Spider, had a high degree of sophistication as it used skillful social engineering to take
advantage of a weakness in a LinkedIn profile. This emphasizes how important it is to have
robust cybersecurity safeguards, especially when it comes to employee data protection, which
acts as a gateway for these kinds of cyberattacks.
5
MGM Resorts vs. Cybersecurity Standards
A comparison of MGM Resorts with accepted cybersecurity standards reveals some
serious flaws. The enormous financial impact—more than $100 million—raises the possibility of
inadequacies in incident response and risk management. The cascading impact of operational
interruptions highlights the interdependence between cybersecurity and overall company
continuity, while also signifying the direct financial consequences.
Benchmark
The ongoing evolution of threat landscapes confronting organizations highlights the
complex problems associated with sustaining cybersecurity resilience, as seen by the MGM
Resorts attack (Alawida, Omolara, Abiodun, & Al-Rajab, 2022). It acts as a pressing request that
international organizations identify and resolve these weaknesses. To successfully reduce the
diverse repercussions of cyber-attacks, it is essential to build incident response strategies,
improve risk management practices, and strengthen defenses. In addition to highlighting the
urgent need for correction, the event also sparked a discussion about raising international
cybersecurity standards to protect private information and uphold stakeholder confidence in a
digital environment that is becoming more interconnected.
Lessons Learned
Organizations looking to strengthen their cybersecurity resilience may learn a lot from
the MGM Resorts hacking incident.
6
Proactive risk management
First of all, it emphasizes how important proactive risk management is. Sensitive
customer data exposure emphasizes the ongoing requirement for thorough risk assessments and
practical mitigation techniques. The exploitation of employee information using social
engineering approaches highlights the significance of continuous cybersecurity training and
increased awareness among employees.
Incident Response Strategy
Second, MGM Resorts' reaction and cleanup operations demonstrate the importance of
having an established incident response strategy (Wong, Ou, & Wilson, 2021). The choice to
forgo paying the ransom and rely on cybersecurity insurance serves as an example of how
important it is to be ready when handling a cyberattack’s aftermath. The event also highlights
how important it is to communicate openly both within and outside to preserve confidence.
Roadmap for Strengthening Cybersecurity
For organizations, these lessons provide a road map for strengthening their cybersecurity
posture. A strong incident response plan, thorough personnel training, and proactive risk
management are essential elements of a resilient cybersecurity strategy. Organizations may
improve their capacity to avoid, respond to, and recover from cyber-attacks by putting these
lessons into practice. This will eventually protect sensitive data, uphold stakeholder confidence,
and promote a more secure digital environment.
Conclusion
In conclusion, the cybersecurity breach at MGM Resorts should serve as a global
warning, highlighting weaknesses in both the technological and human sides of cybersecurity.
7
Employee awareness, incident response planning, and risk management may all be improved by
benchmarking against best practices. Organizations should adopt a proactive and thorough
cybersecurity strategy that emphasizes ongoing learning, frequent risk assessments, and a strong
incident response plan in light of the incident's lessons. Cyber threats change as technology
develops, so businesses must remain ahead of the curve by implementing strong cybersecurity
safeguards. A comprehensive and flexible cybersecurity policy is vital, as demonstrated by the
MGM Resorts hack, given the ever-changing spectrum of cyber threats. By incorporating these
insights into upcoming procedures, organizations may strengthen defenses, reduce risk, and
protect financial resources and stakeholder confidence.
8
References
Alawida, M., Omolara, A. E., Abiodun, O. I., & Al-Rajab, M. (2022). A deeper look into
cybersecurity issues in the wake of Covid-19: A survey. Journal of King Saud University-
Computer and Information Sciences.
CNN. (2023, October 5). Casino giant MGM expects a $100 million hit from a hack that led to a
data breach. Retrieved from CNN: https://edition.cnn.com/2023/10/05/business/
mgm-100-million-hit-data-breach/index.html
Techcrunch. (2023, October 6). MGM Resorts confirms hackers stole customers’ data during a
cyberattack. Retrieved from Techcrunch: https://techcrunch.com/2023/10/06/mgm-
resorts-admits-hackers-stole-customers-personal-data-cyberattack/
Wong, I. A., Ou, J., & Wilson, A. (2021). Evolution of hoteliers’ organizational crisis
communication in the time of mega disruption. Tourism Management, 104257.
- Introduction
- Analysis
- Analysis of the Breach
- MGM Resorts vs. Cybersecurity Standards
- Benchmark
- Lessons Learned
- Proactive risk management
- Incident Response Strategy
- Roadmap for Strengthening Cybersecurity
- Conclusion
- References