On September 10, MGM Resorts experienced what it called a "cybersecurity issue" that had a major impact on the company's systems, showing how cyberattacks can bring down applications, ultimately causing problems for a company in many ways.
According to Forbes, "The attack left hotel guests locked out of their rooms for hours and unable to use their digital key cards to charge goods and services. Eventually, the hotels resorted to manual processes and transactions."
The attack was first noticed by MGM Resorts on the evening of September 10. About 24 hours later, the casinos were operational, but the reservation systems were still down.
The company's website was also offline for at least 2 days.
In addition, the cyberattack impacted the MGM Rewards App and gaming on the casino floors. Las Vegas TV station KTNV reported, "Multiple gaming machines, including slot machines, have also gone offline due to the cybersecurity issue."
MGM Resorts has not yet disclosed which specific systems were impacted, and some of the downtime could be a result of the company shutting down its own systems to protect them, but the end result is still a disaster for the company. This attack shows how pervasive a cyberattack can be throughout a business operation.
In the latest episode of the Cybersecurity Awesomeness Podcast on DEVOPSdigest, Rick Sturm, CEO and Founder of Enterprise Management Associates (EMA), gave a stern warning to companies of all sizes. Speaking about cybersecurity in general rather than MGM Resorts specifically, he said, "This stuff is rooted, to some extent, in corporate greed. Where management is always an afterthought, and security is even worse than that, it's way, way down. And we can save gazillions of dollars by connecting to the ... Internet, and security be damned, nobody will try to get in. And besides, we've got a couple firewalls. That should do it, right? No, it's not right ... We are seeing this over and over and over, and yet organizations are not taking the precautions that they need to. They take the quick and easy fix — they think. And ultimately, if you are connected to the Internet, you will be hacked, whether you're large or small."
On the podcast, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA added, "From the perspective of the network engineering team, it points to the fact that people don't have a lot of control over what's happening within their network. They don't see what's happening. It's about access control and segmentation. Like limiting lateral movement. Having a lot of granular control over who can talk to what inside your network, and being able to understand if some kind of anomaly is popping up in terms of connections and communication. It requires a lot of manual heavy lifting from a network engineering team to be able to lock things down completely. And no one does it. As Rick was saying, part of it's greed, like no one wants to spend the money on it. Part of it is they don't have the tools to do it. And another part of it is they don't have the people to do it … It's a problem that needs to be solved."
Listen to Episode 27 of the Cybersecurity Awesomeness Podcast for more of EMA's take on the MGM Resorts cyberattack.