Reality Check: Lessons of the MGM Resorts Security Breach
The September 2023 MGM Resorts security breach sent shockwaves through the digital world, serving as a stark reminder of the ever-present and evolving threat to organizations' digital assets. While we may not know every detail from the breach quite yet, it does serve as a powerful catalyst for organizations worldwide to reevaluate their cybersecurity strategies, recognizing that they’re not just an option but a necessity.
Layers of Vulnerability
As the reports have stated, hackers were able to gain access through social engineering. This can happen when a user either gives away their credentials or has them stolen, giving the hacker the same level of access the employee held. In the MGM breach, the user had administrator access, which is what allowed the hacker to reach so many corners of the company's IT systems, including data such as contact information, dates of birth, and driver’s license numbers of customers who used MGM services prior to 2019.
So, while new customers may not see an immediate impact, previous or existing customers may face some issues. With outages rolling on and on as MGM worked to resolve the issue, the company has lost an estimated $100 million, not to mention the damage to its reputation and brand.
It can be easy to forget that such large organizations can be so vulnerable to hackers across the globe, but the truth is that cybersecurity requires vigilance from businesses of all shapes and sizes, public or private, regardless of industry.
Building up Defenses
In a case such as this, one of the best ways to mitigate risk is security awareness training, combined with ensuring the right security controls are in place so that access is limited. Whether credentials are stolen or voluntarily provided, implementing the proper controls could help reduce exposure or limit any potential damage.
Even more important is performing continuous risk assessments to identify where unseen risk exposure lives, especially when provisioning an access request or conducting an internal audit. A big blind spot for organizations is failing to extend controls and risk-based checks across, and deep into, their transactional and critical business systems. Many of these systems house sensitive customer, financial, IP, and supply chain data. Ensuring access is always assessed and adjusted to eliminate toxic access combinations and over-provisioning is crucial to the success of a cybersecurity strategy.
Because the threat and risk landscape is ever-changing, enterprise organizations are depending on solutions such as Fastpath Identity risk-based security solutions to gain deep insights into identity and access risks, mitigate these risks, and continuously enforce strong security policies and controls. It’s always good to keep in mind that the best approach in designing controls is preparation. Invest in the latest technology and work with a team that can give you the best-fitting solutions to address your needs.
The MGM Resorts breach underscores the need for organizations to be vigilant and proactive in their cybersecurity efforts. By implementing a comprehensive security strategy that includes regular assessments, employee training, compliant user provisioning, and advanced threat detection mechanisms, companies can significantly reduce their risk of falling victim to similar attacks. Remember, in the evolving world of cybersecurity, preparation is key and having the best solution by your side is imperative.
If you're looking to fortify your security strategy and safeguard your organization's digital assets, Fastpath offers robust solutions that can help you achieve these goals. To explore our comprehensive suite of security tools and gain in-depth insights, please visit our website or connect with one of our advisors. Your path to a more secure future starts here.