Before the hack, MGM had an "F" rating for cybersecurity vulnerabilities
Before a recent ransomware attack continued to disrupt MGM Resorts International's domestic gaming operations, the casino giant earned an "F" grade from a cybersecurity analyst firm for the speed with which it fixed network vulnerabilities.
In a series of recent cybersecurity assessments, Boston-based cybersecurity assessment and analytics firm BitSight gave MGM an "F" grade for patching frequency. Patch frequency refers to how quickly a company patches known network issues and vulnerabilities.
While it's unclear whether the hackers who attacked MGM on September 10 were avid followers of BitSight's ratings, it's clear that companies that received an "F" patch cadence grade from the research firm were 3.2 times more likely to fall victim..Adverse cyber events are 50% more likely to be tolerated than those with an "A" rating, and 50% more likely than those with a "B" rating.
Cyber incidents include ransomware attacks, data breaches and business disruptions, forcing affected parties to file cyber insurance claims or reports.
Maybe information about the MGM "F" rating
To be clear, BitSight isn't singling out MGM - other companies can and do get dubious "F" grades for patch clock frequencies. However, the carrier has a troubled history with cybersecurity.
In February 2020, it was revealed that hackers had stolen sensitive data on 10.6 million MGM customers, including some celebrities, from the company's database in 2019 and then sold the data on the dark web for a profit.
In December, BetMGM, which is 50% owned by MGM, confirmed a data breach believed to have occurred in May 2022. Bellagio operators are not alone. Rival Caesars Entertainment has also recently fallen victim to a ransomware attack, while the travel and leisure industry, including casino operators, has been a favorite target for cybercriminals.
Lior, CEO of Waterfall Security, said: “When it comes to improving security, casinos, like many other industries, need to increase awareness of their vulnerabilities, strengthen network segmentation, restrict access controls and strengthen patching and updating practices, especially for remote access. ." Solution Frenkel in the comments.
MGM paid the price...literally
While rival Caesars disclosed in a recent regulatory filing that one of its insurance companies paid an undisclosed amount to hackers to thwart a ransomware attack, MGM has yet to follow suit. The cyberattack on MGM is now in its tenth day, costing the operator up to $8.4 million in lost revenue per day.
That equates to $84 million, a fraction of the $14.8 billion in consolidated revenue the Cosmopolitan operator generated in the 12 months to June 30.
While $84 million isn't a huge amount of money from the company's perspective, it may be more than the hackers asked for, or more than MGM needs to allocate to meet its cybersecurity needs.
Read also:
- U.S. cities with the most Swifties per capita
- Blackjack Casino Advantage: How to Beat the Odds
- Football 101: What is relegation in football?
- Report adds to industry concerns about declining profits at Atlantic City casinos in 2023
Source: www.casino.org
