Book demo
18 October 2024

A Year After the MGM Cyber Attack: Have the Right Lessons Been Learnt?

Last year, during the IBM TechXchange at the MGM in Las Vegas, the unthinkable happened, a mass cyber-attack brought the MGM’s operations to a halt. Slot machines went offline, hotel check-ins were reduced to pen and paper and queues for room keys stretched endlessly. Guests were left without TV, room service, or even working phones. It was a vivid reminder of how fragile our interconnected systems are.

As the Predatar team once again returns to Las Vegas for TechXchange 2024, it’s a good moment to reflect on the key lessons learned since that attack. Despite heightened awareness and increased investments, businesses are still missing some fundamental aspects of cyber resilience. Here are three critical areas where organisations, including many of the prospects we’ve spoken with, are still falling short.

1. Money Can’t Fix Human Error

Cybersecurity spending has surged over the past year. According to a report from Gartner, global cybersecurity spending is expected to reach $188 billion in 2024, up significantly from previous years. Yet, despite these investments, many attacks still succeed. MGM attack is a prime example. Reports suggest the breach was enabled through social engineering and the exploitation of stolen employee credentials. The Predatar platform has found malware hidden in backups in 74% of our clients. After investigation with the client we found that the vast majority of this malware got through because of human error.

Both these examples bring up a vital point: no matter how advanced the tools are, human error remains a major vulnerability. While companies spend heavily on technology, they often invest far less in educating their employees. Proper training on identifying phishing attempts, securing credentials, and following best practices could make a huge difference. But for many organisations, staff training is still treated as an afterthought.

Why does this happen? It’s easier for businesses to justify spending on shiny new tools than on something as intangible as staff education. Yet, the people in your organisation are often the first and last line of defence. Without proper training, even the best tech can’t protect you.

2. Silos Are Killing Resilience

A recurring theme we hear from hundreds of prospects each year is the disconnect between security and storage teams. While we don’t know the exact details of the MGM attack in this regard, many organisations are dealing with a similar problem: these teams operate in silos, with little coordination or communication.

This lack of integration makes it difficult to respond quickly and effectively to cyber incidents. Cyber resilience requires a unified approach where security and storage teams are aligned and able to collaborate seamlessly. Yet, in many businesses, the best you get is token integration.

What’s needed is a solution that brings these worlds together. A single pane of glass that allows security teams to monitor and manage all the various storage products in use, helping them understand each other’s environments, communicate better, and respond jointly to threats. Having these teams work off the same data, in real-time, is key to closing the gap that so often leads to recovery delays.

3. All Defence, No Recovery

While businesses are investing heavily in stopping attacks, they’re often neglecting an equally important part of the equation: resilience. It’s not just about preventing an attack, it’s about ensuring that, when the inevitable happens, you can recover quickly.

In MGM’s case, the recovery process was slow and painful, with systems offline for days. Many businesses still under-invest in their recovery plans, focusing more on building barriers than on what happens when those barriers are breached. This approach leaves them exposed to extended downtimes and revenue loss when a breach occurs.

Ensuring resilience means investing in solutions like immutable backups, automated recovery testing, backup scanning and tools that can protect and restore data even during an ongoing attack. Companies need to shift their thinking from merely preventing attacks to being able to recover from them efficiently.

What Needs to Change?

As we head into TechXchange 2024, it will be interesting to see how often these three key issues, human error, siloed teams, and a lack of resilience are addressed. Will the sessions focus on the bigger picture, or will they lean towards point solutions that only solve one part of the puzzle?

While the presenters, tech and tools on display will be impressive, the real value lies in addressing these broader challenges. Businesses need to bring their teams together, train their people, and build resilience into every aspect of their operations. Only then will they be truly prepared for the next inevitable attack.

One year on, MGM is still recovering not just from the technical fallout but from the reputational damage caused by the attack. It’s telling that this year’s IBM TechXchange is being held at Mandalay Bay, a shift that suggests the long-lasting impact of such a breach. The damage to a company’s reputation can linger long after systems are restored, a reminder that cybersecurity failures leave scars that take far longer to heal.

We’ll be in Vegas and would love to meet with you to discuss how to build true cyber resilience into your business. Reach out to book a meeting with us while we’re there.

Learn more about
Predatar recovery assurance