On September 10, MGM Resorts experienced what it called a "cybersecurity issue" that had a major impact on the company's systems, showing how cyberattacks can bring down applications, ultimately causing problems for a company in many ways.
According to Forbes, "The attack left hotel guests locked out of their rooms for hours and unable to use their digital key cards to charge goods and services. Eventually, the hotels resorted to manual processes and transactions."
The attack was first noticed by MGM Resorts on the evening of September 10. About 24 hours later the casinos were operational but the reservation systems was still down.
The company's website was also offline for at least 2 days.
In addition, the cyberattack impacted the MGM Rewards App and gaming on the casino floors. Las Vegas TV station KTNV reported, "Multiple gaming machines, including slot machines, have also gone offline due to the cybersecurity issue."
MGM Resorts has not yet disclosed which specific systems were impacted, and some of the downtime could be a result of the company shutting down its own systems to protect them, but the end result is still a disaster for the company. This attack shows how pervasive a cyberattack can be throughout a business operation.
In the latest episode of the Cybersecurity Awesomeness Podcast on DEVOPSdigest, Rick Sturm, CEO and Founder of Enterprise Management Associates (EMA) gave a stern warning to companies of all sizes. While speaking not specifically about MGM Resorts but more about cybersecurity in general, he said, "This stuff is rooted, to some extent, in corporate greed. Where management is always an afterthought, and security is even worse than that, it's way, way down. And we can save gazillions of dollars by connecting to the ... Internet, and security be damned, nobody will try to get in. And besides, we've got a couple firewalls. That should do it, right? No, it's not right ... We are seeing this over and over and over, and yet organizations are not taking the precautions that they need to. They take the quick and easy fix — they think. And ultimately, if you are connected to the Internet, you will be hacked, whether you're large or small."
On the podcast, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA added, "From the perspective of the network engineering team, it points to the fact that people don't have a lot of control over what's happening within their network. They don't see what's happening. It's about access control and segmentation. Like limiting lateral movement. Having a lot granular control over who can talk to what inside inside your network, and being able to understand if some kind of anomaly is popping up in terms of connections and communication. It requires a lot of manual heavy lifting from a network engineering team to be able to lock things down completely. And no one does it. As Rick was saying, part of it's greed, like no one wants to spend the money on it. Part of it is they don't have the tools to do it. And another part of it is they don't have the people to do it … It's a problem that needs to be solved."
Listen to Episode 27 of the Cybersecurity Awesomeness Podcast for more of EMA's take on the MGM Resorts cyberattack.
The Latest
Companies implementing observability benefit from increased operational efficiency, faster innovation, and better business outcomes overall, according to 2023 IT Trends Report: Lessons From Observability Leaders, a report from SolarWinds ...
Customer loyalty is changing as retailers get increasingly competitive. More than 75% of consumers say they would end business with a company after a single bad customer experience. This means that just one price discrepancy, inventory mishap or checkout issue in a physical or digital store, could have customers running out to the next store that can provide them with better service. Retailers must be able to predict business outages in advance, and act proactively before an incident occurs, impacting customer experience ...
Earlier this year, New Relic conducted a study on observability ... The 2023 Observability Forecast reveals observability's impact on the lives of technical professionals and businesses' bottom lines. Here are 10 key takeaways from the forecast ...
Only 33% of executives are "very confident" in their ability to operate in a public cloud environment, according to the 2023 State of CloudOps report from NetApp. This represents an increase from 2022 when only 21% reported feeling very confident ...
The majority of organizations across Australia and New Zealand (A/NZ) breached over the last year had personally identifiable information (PII) compromised, but most have not yet modified their data management policies, according to the Cybersecurity and PII Report from ManageEngine ...
A large majority of organizations employ more than one cloud automation solution, and this practice creates significant challenges that are resulting in delays and added costs for businesses, according to Why companies lose efficiency and compliance with cloud automation solutions from Broadcom ...
Companies have historically relied on tools that warn IT teams when their digital systems are experiencing glitches or attacks. But in an age where consumer loyalty is fickle and hybrid workers' Digital Employee Experience (DEX) is paramount for productivity, companies cannot afford to retroactively deal with IT failures that slow down employee productivity ...