The recent cyberattack on MGM Resorts International highlights the challenges of protecting a vast tech infrastructure and thousands of employees while the hospitality sector integrates internet-connected technology.
Experts say that the impact of this attack on a major operator in a security-focused industry came as a surprise to some.
“I’ve been in this industry for a long time, and not much surprises me anymore, but I was pretty surprised to see this,” said Alex Hamerstone, advisory solutions director at cybersecurity company TrustedSec, who works with casinos and hotels.
Hamerstone explains that the combination of online services, the legalization of sports betting in many states, the use of internet-connected devices in gambling floors, and the reliance on mobile technology for hotel procedures have expanded the vulnerability to cyberattacks.
Nick Hyatt, cyber practice lead at Optiv, suggests implementing redundant systems and isolating critical applications from the wider network to ensure that operations can continue even if primary servers are compromised.
Hyatt emphasizes that reputational damage can occur when critical systems like slot machines and hotel door keys fail, as customers quickly spread their frustrations on social media.
Saeed Abbasi, manager of vulnerability and threat research at Qualys, highlights the need for deploying zero-trust networks in hospitality organizations. These networks constantly challenge users to prevent hackers from freely spreading within the network.
Matt Belkin, COO of Acrisure’s Cyber Services unit, emphasizes the importance of training employees to detect social-engineering schemes and avoid clicking on malicious links.
According to reports, social-engineering tactics were used in a recent compromise of Caesars Entertainment, leading to the company paying a ransom to avoid disruption to their business. However, MGM has not disclosed whether they received a ransom demand.
Geoff Haydon, CEO of Ontinue, warns that containing an attack can still disrupt operations, especially when interconnected systems in hotels and casinos allow hackers to find pathways to other systems.
The hospitality industry is an attractive target for hackers due to the sensitive financial and personal information held by hotels and casinos.
MGM stated that guest services were operational but continued to investigate the attack. However, as of Wednesday afternoon, their website remained down, and customers who booked a trip were offered refunds.
Customers have expressed frustration on platforms like X and TikTok, reporting long lines at check-ins and manual checkouts and payouts from gambling machines, often limited to cash only.
—Catherine Stupp contributed to this article.
Write to James Rundle at [email protected]
Denial of responsibility! Vigour Times is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.