Final Report

profileSSSSSSSS19
outline.pdf

1

Evaluation of MGM Cybersecurity Breach Exposures

Si Yu Wang

November 11, 2023

2

Executive Summary

Critical vulnerabilities were exposed by the MGM Resorts 2023 cybersecurity breach,

which had a significant financial effect of more than $100 million. The analysis highlights the

need for proactive steps by pointing out weaknesses in incident response planning and risk

management. The significance of ongoing risk assessment, comprehensive incident response

strategies, and staff cybersecurity training is highlighted by the lessons learned. The hack is a

warning story that should serve as a reminder to businesses to strengthen their cybersecurity

posture with all-encompassing plans. Protecting financial assets and stakeholder trust while

reducing vulnerability to new cyber risks requires a proactive, flexible strategy that incorporates

these lessons.

3

Table of Contents

Evaluation of MGM Cybersecurity Breach Exposures

Introduc)on ..................................................................................................................................................4

Analysis .........................................................................................................................................................4

Analysis of the Breach ..............................................................................................................................4

MGM Resorts vs. Cybersecurity Standards ...............................................................................................5

Benchmark ...................................................................................................................................................5

Lessons Learned ...........................................................................................................................................5

Proac)ve risk management ......................................................................................................................6

Incident Response Strategy ......................................................................................................................6

Roadmap for Strengthening Cybersecurity ...............................................................................................6

Conclusion ....................................................................................................................................................6

References ....................................................................................................................................................8

4

Introduction

Serious weaknesses in the company's security system were exposed by the 2023 MGM

Resorts cybersecurity breach, which resulted in significant financial losses and highlighted

threats to sensitive consumer data (CNN, 2023). The nature of the event is examined in this

analysis, which compares it to cybersecurity best practices. Important lessons that emphasized

the need for proactive risk management and strong incident response strategies came to light.

The hack serves as a reminder of how important cybersecurity is to overall company stability.

Future cybersecurity resilience is advised to be achieved by ongoing risk assessments, staff

training, and open communication. This event is a fascinating case study that highlights the need

for organizations to strengthen their cybersecurity posture to effectively manage new threats and

protect stakeholder confidence as well as financial assets.

Analysis

Analysis of the Breach

A serious exposure was revealed by the 2023 cybersecurity breach at MGM Resorts,

which exposed a wide range of client data, including private information and critical passport

details (Techcrunch, 2023). The assault, which was carried out by the ALPHV subgroup

Scattered Spider, had a high degree of sophistication as it used skillful social engineering to take

advantage of a weakness in a LinkedIn profile. This emphasizes how important it is to have

robust cybersecurity safeguards, especially when it comes to employee data protection, which

acts as a gateway for these kinds of cyberattacks.

5

MGM Resorts vs. Cybersecurity Standards

A comparison of MGM Resorts with accepted cybersecurity standards reveals some

serious flaws. The enormous financial impact—more than $100 million—raises the possibility of

inadequacies in incident response and risk management. The cascading impact of operational

interruptions highlights the interdependence between cybersecurity and overall company

continuity, while also signifying the direct financial consequences.

Benchmark

The ongoing evolution of threat landscapes confronting organizations highlights the

complex problems associated with sustaining cybersecurity resilience, as seen by the MGM

Resorts attack (Alawida, Omolara, Abiodun, & Al-Rajab, 2022). It acts as a pressing request that

international organizations identify and resolve these weaknesses. To successfully reduce the

diverse repercussions of cyber-attacks, it is essential to build incident response strategies,

improve risk management practices, and strengthen defenses. In addition to highlighting the

urgent need for correction, the event also sparked a discussion about raising international

cybersecurity standards to protect private information and uphold stakeholder confidence in a

digital environment that is becoming more interconnected.

Lessons Learned

Organizations looking to strengthen their cybersecurity resilience may learn a lot from

the MGM Resorts hacking incident.

6

Proactive risk management

First of all, it emphasizes how important proactive risk management is. Sensitive

customer data exposure emphasizes the ongoing requirement for thorough risk assessments and

practical mitigation techniques. The exploitation of employee information using social

engineering approaches highlights the significance of continuous cybersecurity training and

increased awareness among employees.

Incident Response Strategy

Second, MGM Resorts' reaction and cleanup operations demonstrate the importance of

having an established incident response strategy (Wong, Ou, & Wilson, 2021). The choice to

forgo paying the ransom and rely on cybersecurity insurance serves as an example of how

important it is to be ready when handling a cyberattack’s aftermath. The event also highlights

how important it is to communicate openly both within and outside to preserve confidence.

Roadmap for Strengthening Cybersecurity

For organizations, these lessons provide a road map for strengthening their cybersecurity

posture. A strong incident response plan, thorough personnel training, and proactive risk

management are essential elements of a resilient cybersecurity strategy. Organizations may

improve their capacity to avoid, respond to, and recover from cyber-attacks by putting these

lessons into practice. This will eventually protect sensitive data, uphold stakeholder confidence,

and promote a more secure digital environment.

Conclusion

In conclusion, the cybersecurity breach at MGM Resorts should serve as a global

warning, highlighting weaknesses in both the technological and human sides of cybersecurity.

7

Employee awareness, incident response planning, and risk management may all be improved by

benchmarking against best practices. Organizations should adopt a proactive and thorough

cybersecurity strategy that emphasizes ongoing learning, frequent risk assessments, and a strong

incident response plan in light of the incident's lessons. Cyber threats change as technology

develops, so businesses must remain ahead of the curve by implementing strong cybersecurity

safeguards. A comprehensive and flexible cybersecurity policy is vital, as demonstrated by the

MGM Resorts hack, given the ever-changing spectrum of cyber threats. By incorporating these

insights into upcoming procedures, organizations may strengthen defenses, reduce risk, and

protect financial resources and stakeholder confidence.

8

References

Alawida, M., Omolara, A. E., Abiodun, O. I., & Al-Rajab, M. (2022). A deeper look into

cybersecurity issues in the wake of Covid-19: A survey. Journal of King Saud University-

Computer and Information Sciences.

CNN. (2023, October 5). Casino giant MGM expects a $100 million hit from a hack that led to a

data breach. Retrieved from CNN: https://edition.cnn.com/2023/10/05/business/

mgm-100-million-hit-data-breach/index.html

Techcrunch. (2023, October 6). MGM Resorts confirms hackers stole customers’ data during a

cyberattack. Retrieved from Techcrunch: https://techcrunch.com/2023/10/06/mgm-

resorts-admits-hackers-stole-customers-personal-data-cyberattack/

Wong, I. A., Ou, J., & Wilson, A. (2021). Evolution of hoteliers’ organizational crisis

communication in the time of mega disruption. Tourism Management, 104257.

  • Introduction
  • Analysis
    • Analysis of the Breach
    • MGM Resorts vs. Cybersecurity Standards
  • Benchmark
  • Lessons Learned
    • Proactive risk management
    • Incident Response Strategy
    • Roadmap for Strengthening Cybersecurity
  • Conclusion
  • References