MGM Resorts International recently revealed that a cyberattack that disrupted its operations would cost the company over $100 million in the third quarter.
This colossal breach highlights the pressing need for security awareness training in organisations, big and small, to prevent and mitigate cyber threats. If this news is making you feel nervous that your business is at risk, then you need to call Velocity’s cybersecurity experts immediately.
Here’s a recap of the story we highlighted recently. MGM, one of the world’s largest gambling firms, detected the cyberattack last month and promptly shut down its systems to contain the damage. Customers soon posted images on social media of slot machines displaying error messages and long queues at hotels in Las Vegas. The attack sent shockwaves through the industry and the cybersecurity community, leaving many to wonder how such a breach could occur in a high-profile organisation like MGM.
The hacking group AlphV claimed responsibility for the breach. They are believed to have collaborated with another group known as Scattered Spider to infiltrate MGM’s systems and steal data for extortion. MGM has not confirmed whether a ransom was requested or paid, leaving the situation clouded.
The incident continued to be investigated by the FBI and it serves as a stark reminder that large organisations are still vulnerable to cybercrime, despite substantial security measures. Analysts who have been monitoring the activities of Scattered Spider have noticed an alarming trend where more and more organisations are falling victim to their sophisticated social engineering tactics.
We may never know if the MGM incident occurred because of employee naivety or carelessness, but it underscores why all businesses have an urgent and ongoing need for security awareness training.
This is why you need to pay attention and where we step in:
1. Human Error and Social Engineering: Cybercriminals like those in the Scattered Spider group often exploit human error through social engineering tactics. Employees may unwittingly provide access to sensitive systems or fall prey to phishing attacks. Velocity’s security awareness training can educate staff on recognising and responding to these threats effectively.
2. Data Protection: Organisations must prioritise data protection. Velocity’s approach to security awareness training helps employees understand the value of data, how to handle it securely, and the potential consequences of data breaches.
3. Incident Response: Rapid and effective incident response is crucial during a cyberattack. Velocity’s training ensures that employees know their roles and responsibilities in the event of a breach, which can minimise the impact and financial losses.
4. Compliance and Regulations: Imperative for financial services and payments businesses operating in highly regulated markets. Velocity’s security awareness training helps organisations stay compliant with data protection regulations, which often come with hefty fines for non-compliance, or worse still, loss or suspension of a license.
MGM’s staggering $100 million loss serves as a cautionary tale for businesses across industries. Cybersecurity is not just the responsibility of IT departments; it’s a collective effort that requires every employee to be vigilant and well-informed. Velocity tailors’ security awareness training to businesses at every stage of growth recognising the cost of neglecting training can be far more than financial. It can impact customers, reputation and jeopardise business strategy. In an age where cybercriminals are becoming more sophisticated, security awareness training is not a luxury; it’s a necessity.