Many of today’s increasingly devastating high-profile “cyberattacks” can actually be attributed to human error. The recent attacks on Caesars Entertainment and MGM Resorts stand as stark examples of this. Caesars reportedly paid a $15 million ransom to the attackers whereas MGM refused to pay, causing substantial interruptions to its operations.
Between the attacks and lawsuits, the hospitality giants expect to lose hundreds of millions. Yet the alleged MGM hackers professed it only took a 10-minute phone call with IT to gain credentials that granted them access for the attack. Understanding how attacks like this happen can be key to keeping your business safe.
Caesars and MGM have divulged little about the attacks. However, Forbes reports that Caesars was hit in late August by a group called Scattered Spider. In early September, a group called ALPHV, or Black Cat, infiltrated MGM’s systems.
Scattered Spider gained entry to Caesars’ system by deceiving a third-party IT support vendor. The group impersonated a Caesars employee and convinced the IT vendor to provide login credentials to Caesars’ access management provider, Okta. Similarly, ALPHV hacked MGM by using information from employee LinkedIn profiles to gain Okta and Azure access from MGM’s IT department.
The hackers promptly made ransom demands once they had control of the organizations’ systems and access to sensitive guest and employee information. Caesars reportedly paid the ransom, asserting that the event did not impact its operations. MGM, however, refused to pay, which forced the organization to shut down internal networks. This led to widespread havoc and prevented guests from checking in, making payments, opening doors, or using elevators or slot machines.
As the dust from the attacks settles, Caesars and MGM face financial and reputational damage, as well as nine collective lawsuits. MGM alone estimates more than $100 million in third quarter losses.
The Caesars and MGM hacks mark a new era for cybercrime. Similar attacks have increased dramatically in recent years. In a poll by Deloitte, 48.8% of executives indicated that they expect the number of cyberattacks targeting their organization to increase. New concepts like ransomware as a service, in which affiliates pay ransomware operators to attack specific targets, will create new opportunities for threat actors.
The increase in cybercrime is also driving an increase in cyber insurance claim payouts. As cybercriminals target more organizations, insurance carriers develop new requirements for businesses to maintain strict cybersecurity protocols and reporting practices. These requirements reflect the recent changes announced by the Securities and Exchange Commission (SEC). Starting December 18th, the SEC will require businesses targeted by cyberattacks to promptly report them. Together, these factors illustrate the mounting pressures on businesses to assess and strengthen their cyber defenses.
What can you do to protect your business from cyberattacks? Taking the following steps can help you stay out of harm’s way:
When a cyber event does happen, reach out to your insurance broker first. Your broker will engage with your carrier and make recommendations on next steps. Informing your broker will help ensure your compliance for insurance coverage.
If you’re considering paying the ransom, consult with the recommended legal counsel, forensic investigator, or any other experts your broker or carrier connects you with first.
If you have questions about strengthening your cyber coverage, meeting with an experienced broker is a great place to start. They can advise you on eliminating coverage gaps and maintaining best practices.
With the right combination of cybersecurity, education, and insurance, you can stand your ground against the growing threat of cyberattacks.
Want to learn more?
Find Allen Blount on LinkedIn.
Find Michael Tang on LinkedIn.
Connect with Risk Strategies Cyber Risk team at cyber@risk-strategies.com.