News this week has been dominated by the story of over a dozen MGM Hotels & Casinos that have had to shut down operations after a cyberattack against their computer systems. First announced on Sunday, systems at a dozen MGM properties were suddenly inoperable, paralyzed by a breach stemming from a highly targeted phishing attack.

Despite assurances from MGM Resorts International that daily operations had resumed, guests of the resort continued to report the opposite, posting photos online of offline slot machines.

As reported in USA Today, to contain the incident, MGM Resorts International began working with external cybersecurity experts to remediate and contain the breach.

Not long after the attack, VX Underground, a not-for-profit group that establishes contact with cyber-crime groups and documents patterns and activity, reported the incident to be caused by a threat group named AlphV BlackCat, infamous for many high-profile attacks – including those against Suffolk County, NY in 2022.

The FBI has been made aware of the incident, but characterized the event as ongoing, according to The Associated Press.

Businesses of all sizes that deal with sensitive data are targets of cyber criminals and must implement cybersecurity services to help mitigate risks. This well-publicized event serves as a reminder of the importance of being prepared for a potential cybersecurity incident at any time.

Your business needs a proper information security plan to handle cybersecurity threats now and in the future. Creating a plan and revisiting it annually is recommended. Example cybersecurity measures your business must implement includes:

Installing Enterprise-Grade Firewalls
Maintaining a Robust Backup and Disaster Recovery Solution
Using Multi-Factor Authentication
Securing Passwords with a Password Management System
Restricting Access to Sensitive Data

Creating and Maintaining Security Policies and Procedures
Providing Cybersecurity Awareness Training to all Employees
Seeking Professional Assistance

Ramp up your cybersecurity posture and protect sensitive data. Sourcepass can help.

Dan Levy is the Sourcepass Security Engineering Lead. Reach out to Dan at (877) 678-8080.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The impact and lessons of the MGM cyber-attack