MGM Hack Is Stark Reminder Not to Gamble With Cybersecurity
A cyberattack this month caused MGM Hotels & Casinos to shutter operations at more than a dozen locations, plausibly costing the company up to $8.4 million per day. Days later, Caesars Entertainment notified the Securities and Exchange Commission that it paid hackers roughly $15 million in ransom money after a recent data breach. The Wall Street Journal (WSJ) reports that Caesars claims to have “discovered that the attacker acquired a copy of data including driver’s license numbers and social security numbers for ‘a significant number’ of members of its loyalty program.”
These Las Vegas casinos join a prestigious group of entities that has this year suffered from cybercrime. This group includes multiple federal entities, healthcare facilities, state governments, local school systems, prestigious universities, and leading corporations such as Shell Global and Sony.
Policy makers ought to recognize that even the most highly resourced organizations, with the strongest incentives to maintain robust security, cannot maintain perfect cybersecurity. No government, company, or cybersecurity expert can eliminate human error, the security weakness hackers exploit most often. Indeed, in the Caesars breach, “Hackers used a social-engineering scheme, in which a person pretending to be an employee contacted the company IT help desk to have a password changed, according to people familiar with the matter,” the WSJ relates.
Technology and cybersecurity companies, fully aware of this fallibility, innovate continuously to minimize the probability of – and damage done by – operator errors. In the personal-device industry, Apple has tied its marketing and brand image to high levels of cybersecurity. While iOS devices provide the user less flexibility than Android devices do, they fall victim to malware at significantly lower rates – a satisfactory tradeoff for many. Consumers historically have preferred more closed platforms that streamline or make safer the user experience, and many happily choose the relative security Apple products offer.
As the App Security Project has reported extensively, politicians and bureaucrats too often ignore many cybersecurity concerns that conflict with their other policy desires. These leaders should re-review the ever-increasing threats Chinese, Russian, and private hackers pose and accordingly reorient their priorities.
Published on September 19, 2023