What can we Learn from MGM’s Cybersecurity Breach?

The truly terrifying fact about data breaches is that for every handful of attacks, you may hear about one. Major cybersecurity attacks only reach the spotlight of public consciousness when massive organizations like MGM Resorts get hit.  

Cue the major international coverage when, a cyberattack in Sept. 2024 shut down casino and hotel computer systems at MGM Resorts International properties across the US. The private data of customers who used MGM services prior to March 2019 was breached, including contact info, gender, date of birth and driver’s license numbers. A limited number of Social Security and passport numbers were obtained as well.  

Now, it’s being reported that the disrupted operations will cause a $100 million hit to the company’s third-quarter results. As big as the casino giant is, one would think their cybersecurity measures were armed and ready. And perhaps they were, but the company’s recent cybersecurity breach serves as a reminder for organizations and individuals alike to take cybersecurity seriously.  

Consider this incident your sign to learn more about how you can protect yourself and your own organization.  

1. Strengthen your data protection

If you’re not a data security professional, this may not sound fun, but it’s necessary to robustly protect your data. Not sure where to begin? Start with something simple, like creating strong corporate passwords. Choose a combination of lower- and upper-case letters, numbers and symbols. Change them periodically, and use a third-party verification system like Google Authenticator. You’d be surprised at how many cybersecurity breaches happen as a result of weak passwords.

2. Robust cybersecurity trainings

Cybersecurity is everyone’s responsibility. Within the workplace, ensure that all employees receive regular training on cybersecurity best practices, such as how to identify phishing emails (your CEO is not emailing you to buy them a Starbucks gift card), the importance of strong passwords, and showing caution when it comes to sharing sensitive information. 

3. Keep systems and software up to date

Make sure you’re current with all operating systems, applications and firmware. Software updates usually include fixes for new security risks and vulnerabilities. Bug hunters and internal teams are often deployed to find weak spots so major companies can ensure security with repeated updates. Enhanced functions with updated versions of software can counter threats by incorporating the latest security measures and protections, making it harder for attackers to broach the site/app.

4. Communication and transparency are key

For an organization that experiences a cybersecurity incident, communication is crucial. If something happens and transparency is lost, not only will your customers/clients be frustrated, so too will your employees. In the event of a cyberattack, communicate openly and promptly. Transparency builds trust and allows for a more coordinated response. 

You can also ensure your business is ready to respond to a data breach by developing an incident response plan ahead of time that outlines the steps to be taken in the event of a cybersecurity breach. This will enable a quick and effective response, hopefully minimizing the impact on the organization. 

Distilled

Cyberattacks can happen to anyone and any organization, but by being as prepared as possible, you’re doing what you can to keep hackers at bay. Regularly reviewing and updating your software, systems and policies surrounding data can help you stay on top of things and be as protected as possible.