Chat with us, powered by LiveChat Individual Research of a Major Cybersecurity Breach: Cover page Table of contents Executive summary Main Content References ? – Main Content Your main content shou - Writeden

Individual Research of a Major Cybersecurity Breach:

Cover page

Table of contents

Executive summary

Main Content

References

 

– Main Content

Your main content should include the following segments or heading.  It is highly recommended that you include your own sub-heading to guide the readers.

– Introduction & background information

– Fact of the case: What Happened?  

 -Impact assessment: Analyze the impact from several aspects (for example, customers, stakeholders, regulators, and so on).

 -Disclosure Assessment: Using the disclosure framework from class, analyze the adequacy of the disclosure. 

-Future Audit and Remediation: Base on your analysis in section 4, what should be done in terms of controls and remediation to prevent future occurrence?  (use COSO or Common Criteria analysis to prepare this section)

 -Conclusion: Conclude the case

This is a Master’s level portfolio work which should be treated with utmost care.  Your work is to be presented professionally and maybe selected by the Lam Family College of Business in student portfolio showcases.

Overall, the main content of the report excluding the cover page, table of content, executive summary and appendices should be no less than 15 pages, single-spaced, or 30 pages, double-spaced with standard 12-point size font. 

 

There is NO hard limit on the page counts nor on the number of exhibits; therefore, no length limit is imposed on your final report.

Plagiarism check

Submission of the final portfolio will be checked via “Turn-it-in.”  Turn-it-in is a plagiarism checking service that would scan sources from the internet and submissions to other universities.   Please refer to the “Academic Standard” section for the Lam Family School of Business policies on plagiarism.

 

Evaluation of MGM Cybersecurity Breach Exposures

How complete was the disclosure? What aspects of the breach were disclosed (Threat – threat agent – vulnerability – actual breach – discovery – investigation – impact – remediation)?

On October 5, 2023, MGM Resorts filed the details of the recently concluded cyberattack on MGM data collection and management systems. The company claimed that hackers had managed to access customer's personal information, including their names, contact information, gender, dates of birth, driver's license numbers, social security numbers, and passport details. However, the hackers are unlikely to have gained access to customer security passwords and payment details. MGM Resorts was unclear about the number of affected users in the recently concluded cyberattack.

How timely was the disclosure? Did it provide adequate time references for evaluation (report, discovery, investigation, and remediation lag)?

The details provided by MGM Resorts in their fillings confirmed that the company systems were breached by a cyberattack leading to stealing customer's personal information. The extent of damages in terms of stealing personal data was reported, and the likely repercussions of economic losses due to the disruption of services were estimated to be more than $100 million in the context of lost earnings.

Did management involve themselves in the disclosure? (signature of C-suite executives)

Yes, as the filings submitted by MGM Resorts on October 5, 2023, were signed by Jessica Cunningham, Vice President, Legal Counsel, and Assistant Secretary of MGM Resorts. MGM Resorts management actively dealt with the impact of cyberattacks and decisions related

to the normalization of services provided by the company. The company had reportedly spent around $10 million in one-time expenses related to the recovery activities from the cyberattack (Page & Whittaker, 2023). MGM Resort management had decided not to pay ransom to the hacker group. It deemed the company's cybersecurity insurance sufficient to meet the economic impact of the recent cyberattacks.

,

8

Research Workshop #3

In cybersecurity governance and event reporting, the MGM Resorts 2023 security breach is a crucial example. The issue is examined from the perspective of internal audit in this research note, which highlights essential elements such as board accountability, risk management, management involvement, reporting frameworks, cybersecurity awareness, and incident response plans (Mohana Krishnan et al., 2023). Given its extensive financial impact, this breach emphasizes the need for proactive risk management approaches and the importance of strong cybersecurity governance. Furthermore, the particulars of this incident are explored, and the critical responsibilities that different stakeholders, including board members, management, and internal audit, play in preventing and addressing cybersecurity threats of this nature are examined.

Board Responsibility

Effective response systems and cybersecurity governance are major responsibilities of the board of directors. Regarding the security breach at MGM Resorts, the board needs to have adhered to the following obligations:

Set the Tone

Establishing the tone meant cultivating a cybersecurity-aware culture that emphasized how vital it is to protect consumer data and follow industry rules. This fundamental step reinforced the organization's commitment to data security and regulatory compliance by highlighting the necessity for vigilance and compliance in the face of emerging cyber threats. 

Oversight of Risk Management

The board exhibited proactive supervision by assessing and approving the company's risk management plan. Given the significant estimated losses of $100 million caused by this attack, the board's ability to comprehend the possible ramifications of future cybersecurity breaches was made possible by this all-encompassing strategy, which was crucial. This inspection made sure that the organization's attempts to mitigate risk matched its larger goals for business.

Resource Allocation

Assuring that vital resources were set aside to support cybersecurity measures, the board was instrumental in determining how best to allocate resources. To strengthen the organization's cybersecurity defences, funds must be set aside for staff training and the purchase of cutting-edge security equipment. Sufficient money was essential to building an efficient defensive mechanism against cyberattacks and guaranteeing that the company had the personnel and equipment to safeguard confidential information and lessen any dangers.

Regular Reporting

The board established a system for frequent reporting, requiring management to provide regular reports on the state of the organization's cybersecurity. These reports included details on new threats, security incidents, and the general effectiveness of the cybersecurity program. This procedure guaranteed openness and informed the board, allowing prompt revisions to the organization's cybersecurity plan.

Legal and Regulatory Compliance

In cybersecurity governance, putting legal and regulatory compliance first is essential. It includes ensuring the company complies with cybersecurity standards set forth by regulatory agencies like the SEC. Significant incidents must be reported promptly in accordance with these requirements. Compliance reduces possible legal risks and financial fines by guaranteeing that the company stays within the bounds of the law. Also, it shows a dedication to openness and responsibility, both essential for preserving stakeholder confidence and limiting harm to one's reputation in the case of a cyberattack.

Risk Management

Many important assets were in danger in the context of the MGM Resorts security incident. Confidential client data such as addresses, telephone numbers, names, sex, dates of birth, driver's license numbers, social security identities, and passport information were among them. The breach also put the organization's credibility and reputation at risk. Future attacks could have a significant impact because the breach resulted in an estimated loss of over $100 million in earnings, highlighting the financial vulnerability (Childs, 2023). In order to mitigate these risks, the organization needs to create a clear incident response plan, invest in strong cybersecurity systems, and build thorough risk mitigation methods.

Potential Impact Analysis

Future cybersecurity incidents could have a wide range of possible effects and could significantly influence an organization. These effects include factors related to finances, operations, and reputation. Incidents may cause large financial losses due to direct event response and recovery expenditures, legal obligations, and regulatory fines. Downtime brought on by operational hiccups can impact customer satisfaction and service delivery. Furthermore, hacked consumer data can undermine confidence and harm the company's image. Strong risk management and incident response plans are essential since the scope and form of these effects might change based on the type and severity of the incident.

Risk Handling Strategies

Using efficient risk management techniques is essential to controlling the possible effects of cybersecurity events. These tactics could consist of the following:

Risk Mitigation:

Proactive steps are taken to lessen the possibility and effect of cybersecurity events as part of risk mitigation. To bolster an organization's defences against potential threats and vulnerabilities includes implementing stronger security controls, regular patch management, and access limits.

Risk Transfer:

Transferring part of the financial burden of cybersecurity incidents to an insurance provider is known as risk transfer (Childs, 2023). Organizations acquire cybersecurity insurance plans to protect against potential losses, such as incident response expenses, fines from regulatory bodies, and legal obligations. The financial impact of security breaches is lessened with this tactic.

Risk Acceptance: 

This refers to the organization recognising that some risks are unavoidable and deciding to forgo further resources to reduce or eliminate them. It is frequently used when a risk has little probability or impact, and the expense of mitigating it could be more than the risk's possible outcomes. The risk tolerance of an organization is in line with this approach.

Incident Response Planning: 

Creating an organized, well-documented strategy for handling and lessening the effects of cybersecurity incidents is known as incident response planning. It describes the actions and protocols that must be taken in the event of an incident, including incident identification, containment, eradication, recovery, and lessons gained (Childs, 2023). A well-thought-out plan is necessary for prompt and efficient incident handling.

Management Involvement

Organizational leadership must take a proactive approach to managing cybersecurity. In this context, the roles of the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) are crucial. To ensure that the company's computer networks and technological infrastructure comply with cybersecurity regulations and processes, the CIO monitors them. The planning and execution of cybersecurity, comprising risk evaluations and safety measures, is the purview of the chief information security officer (CISO). They collaborate to preserve a strong cybersecurity posture. They are responsible for creating and enforcing cybersecurity policies, putting technological controls in place, performing frequent risk analyses, and ensuring the company is prepared for cyberattacks. Their close interaction and frequent board reports guarantee that the leadership is knowledgeable about cybersecurity issues, encouraging a proactive and strong approach to incident prevention.

Reporting Structure

For cybersecurity incident management to be effective, the organization must establish a clearly defined reporting system. It entails defining escalation protocols and assigning particular people or groups as points of contact for incident reporting. When an incident happens, this structure makes incident reporting easier and guarantees that the appropriate people are notified right away (Hendrix, 2023). Well-defined reporting pathways facilitate efficient detection, evaluation, and reaction. This reduces the possible consequences of cybersecurity incidents and strengthens the organization's ability to withstand changing threats.

Cybersecurity Awareness

Encouraging cybersecurity awareness among all staff members is essential to constructing a strong defence against constantly changing threats. This means putting in place extensive training and educational initiatives. Through such activities, the organization hopes to instil a sense of awareness regarding the crucial relevance of cybersecurity in protecting customer data and reputation. Workers are essential in seeing and thwarting possible attacks, especially regarding social engineering tactics like phishing. Organizations may help create a safer digital environment by empowering their teams to act as a collective shield against cybersecurity risks through workforce education and awareness-raising.

Incident Response Preparation

An essential part of cybersecurity readiness is incident response planning. It entails drafting and revising a comprehensive plan that specifies the actions to take in order to manage and lessen the effects of cybersecurity events efficiently. This plan covers threat identification, incident containment, threat eradication, affected system recovery, and post-event analysis to enhance response tactics. Regularly holding incident response drills and exercises enables staff members to become acquainted with their duties and obligations in case of a security breach. The organization's incident response capabilities must be continuously improved, which requires recording and evaluating these drills. Thanks to a well-prepared incident response strategy, the organization can react quickly and efficiently when cybersecurity events arise.

Conclusion

In conclusion, the security compromise at MGM Resorts highlights the importance of proactive cybersecurity governance and incident response plans. Organizations can strengthen their cybersecurity posture and guarantee compliance with external requirements like those imposed by the SEC by implementing various measures, including board responsibility, risk management, management involvement, reporting structure, cybersecurity awareness, and incident response planning. Organizations need internal audit assistance in these efforts because it fosters security and resilience against the ever-growing threat of cyberattacks. Businesses aiming to improve their cybersecurity procedures might benefit greatly from the lessons this hack taught us.

References

Childs, D. (2023).  The Hospitality Curriculum Cybersecurity Education Shortfall: An Exploratory Study (Doctoral dissertation, Marymount University).

Hendrix, B. (2023). The effect of ISBs on publicly listed companies’ business performance.

MohanaKrishnan, M., Kumar, A. S., Talukdar, V., Saleh, O. S., Irawati, I. D., Latip, R., & Kaur, G. (2023). Artificial Intelligence in Cyber Security. In  Handbook of Research on Deep Learning Techniques for Cloud-Based Industrial

,

Threat

Threat refers to the risks or losses resulting from a cyberattack. In the MGM security breach, the loss of customers' personal information, including their names, contact information, gender, dates of birth, and driver's license numbers, can be considered a threat in the given context. Also, the suspension of MGM Resort services, which included disruptions to MGM Resorts and the closing down of ATM services and online booking systems, led to an estimated loss of $100 million to MGM Resorts (Page & Whittaker, 2023).

Threat Agent

          A threat agent is a person, entity, or actor that carries out the cyberattack. Hackers from the ALPHV subgroup Scattered Spider claimed the September 11 large-scale cyberattack on MGM Resorts. The hackers claimed in their message, "If you have money, we want it."

Vulnerability

          Vulnerability refers to the weakness hackers exploit to get into the system to employ the cyberattack. As per the claims made by hackers from the ALPHV subgroup Scattered Spider, the group found a LinkedIn profile of an MGM employee and employed social engineering techniques to compromise MGM Resorts Cybersecurity systems (Page & Whittaker, 2023). The hacker group used the details collected from employees' LinkedIn to access their accounts by calling MGM's help desk.

Discovery

          The recent cyberattack was discovered after the manifestation of large-scale service disruptions experienced by customers of MGM Resorts beginning on September 11, 2023. The company officially acknowledged the occurrence of a cyberattack in its filing with the SEC on October 5, 2023.

Investigation

          Internal investigations by MGM Resorts revealed that no customer passwords or payment details were likely to have been captured in the cyberattacks. The hackers were able to gain access to the personal information of customers, including their names, contact information, gender, dates of birth, and driver's license (Page & Whittaker, 2023). MGM Resort also reported that the hackers may have accessed the social security numbers and passport details. The investigations also revealed that the number of affected customers was yet to be determined.

Impact Assessment

MGM Resorts also reported that the recent cyberattack may result in losses of an estimated $100 million in terms of loss of earnings and an estimated one-time expense of $10 million in cyberattack-related activities. Customers reported service disruptions, including accessing ATM services, Casinos, and online booking systems days after the discovery of cyberattacks.

Remediation

          MGM Resort management reported that the company's cybersecurity insurance policy options were sufficient for making up the losses incurred due to the recently concluded cyberattack on company systems.

,

1

Evaluation of MGM Cybersecurity Breach Exposures

Si Yu Wang

November 11, 2023

2

Executive Summary

Critical vulnerabilities were exposed by the MGM Resorts 2023 cybersecurity breach,

which had a significant financial effect of more than $100 million. The analysis highlights the

need for proactive steps by pointing out weaknesses in incident response planning and risk

management. The significance of ongoing risk assessment, comprehensive incident response

strategies, and staff cybersecurity training is highlighted by the lessons learned. The hack is a

warning story that should serve as a reminder to businesses to strengthen their cybersecurity

posture with all-encompassing plans. Protecting financial assets and stakeholder trust while

reducing vulnerability to new cyber risks requires a proactive, flexible strategy that incorporates

these lessons.

3

Table of Contents

Evaluation of MGM Cybersecurity Breach Exposures

Introduc)on ………………………………………………………………………………………………………………………………..4

Analysis ………………………………………………………………………………………………………………………………………4

Analysis of the Breach ………………………………………………………………………………………………………………4

MGM Resorts vs. Cybersecurity Standards …………………………………………………………………………………..5

Benchmark …………………………………………………………………………………………………………………………………5

Lessons Learned ………………………………………………………………………………………………………………………….5

Proac)ve risk management ……………………………………………………………………………………………………….6

Incident Response Strategy ……………………………………………………………………………………………………….6

Roadmap for Strengthening Cybersecurity …………………………………………………………………………………..6

Conclusion ………………………………………………………………………………………………………………………………….6

References ………………………………………………………………………………………………………………………………….8

4

Introduction

Serious weaknesses in the company's security system were exposed by the 2023 MGM

Resorts cybersecurity breach, which resulted in significant financial losses and highlighted

threats to sensitive consumer data (CNN, 2023). The nature of the event is examined in this

analysis, which compares it to cybersecurity best practices. Important lessons that emphasized

the need for proactive risk management and strong incident response strategies came to light.

The hack serves as a reminder of how important cybersecurity is to overall company stability.

Future cybersecurity resilience is advised to be achieved by ongoing risk assessments, staff

training, and open communication. This event is a fascinating case study that highlights the need

for organizations to strengthen their cybersecurity posture to effectively manage new threats and

protect stakeholder confidence as well as financial assets.

Analysis

Analysis of the Breach

A serious exposure was revealed by the 2023 cybersecurity breach at MGM Resorts,

which exposed a wide range of client data, including private information and critical passport

details (Techcrunch, 2023). The assault, which was carried out by the ALPHV subgroup

Scattered Spider, had a high degree of sophistication as it used skillful social engineering to take

advantage of a weakness in a LinkedIn profile. This emphasizes how important it is to have

robust cybersecurity safeguards, especially when it comes to employee data protection, which

acts as a gateway for these kinds of cyberattacks.

5

MGM Resorts vs. Cybersecurity Standards

A comparison of MGM Resorts with accepted cybersecurity standards reveals some

serious flaws. The enormous financial impact—more than $100 million—raises the possibility of

inadequacies in incident response and risk management. The cascading impact of operational

interruptions highlights the interdependence between cybersecurity and overall company

continuity, while also signifying the direct financial consequences.

Benchmark

The ongoing evolution of threat landscapes confronting organizations highlights the

complex problems associated with sustaining cybersecurity resilience, as seen by the MGM

Resorts attack (Alawida, Omolara, Abiodun, & Al-Rajab, 2022). It acts as a pressing request that

international organizations identify and resolve these weaknesses. To successfully reduce the

diverse repercussions of cyber-attacks, it is essential to build incident response strategies,

improve risk management practices, and strengthen defenses. In addition to highlighting the

urgent need for correction, the event also sparked a discussion about raising international

cybersecurity standards to protect private information and uphold stakeholder confidence in a

digital environment that is becoming more interconnected.

Lessons Learned

Organizations looking to strengthen their cybersecurity resilience may learn a lot from

the MGM Resorts hacking incident.

6

Proactive risk management

First of all, it emphasizes how important proactive risk management is. Sensitive

customer data exposure emphasizes the ongoing requirement for thorough risk assessments and

practical mitigation techniques. The exploitation of employee information using social

engineering approaches highlights the significance of continuous cybersecurity training and

increased awareness among employees.

Incident Response Strategy

Second, MGM Resorts' reaction and cleanup operations demonstrate the importance of

having an established incident response strategy (Wong, Ou, & Wilson, 2021). The choice to

forgo paying the ransom and rely on cybersecurity insurance serves as an example of how

important it is to be ready when handling a cyberattack’s aftermath. The event also highlights

how important it is to communicate openly both within and outside to preserve confidence.

Roadmap for Strengthening Cybersecurity

For organizations, these lessons provide a road map for strengthening their cybersecurity

posture. A strong incident response plan, thorough personnel training, and proactive risk

management are essential elements of a resilient cybersecurity strategy. Organizations may

improve their capacity to avoid, respond to, and recover from cyber-attacks by putting these

lessons into practice. This will eventually protect sensitive data, uphold stakeholder confidence,

and promote a more secure digital environment.

Conclusion

In conclusion, the cybersecurity breach at MGM Resorts should serve as a global

warning, highlighting weaknesses in both the technological and human sides of cybersecurity.

7

Employee awareness, incident response planning, and risk management may all be improved by

benchmarking against best practices. Organizations should adopt a proactive and thorough

cybersecurity strategy that emphasizes ongoing learning, frequent risk assessments, and a strong

incident response plan in light of the incident's lessons. Cyber threats change as technology

develops, so businesses must remain ahead of the curve by implementing strong cybersecurity

safeguards. A comprehensive and flexible cybersecurity policy is vital, as demonstrated by the

MGM Resorts hack, given the ever-changing spectrum of cyber threats. By incorporating these

insights into upcoming procedures, organizations may strengthen defenses, reduce risk, and

protect financial resources and stakeholder confidence.

8

References

Alawida, M., Omolara, A. E., Abiodun, O. I., & Al-Rajab, M. (2022). A deeper look into

cybersecurity issues in the wake of Covid-19: A survey. Journal of King Saud University-

Computer and Information Sciences.

CNN. (2023, October 5). Casino giant MGM expects a $100 million hit from a hack that led to a

data breach. Retrieved from CNN: https://edition.cnn.com/2023/10/05/business/

mgm-100-million-hit-data-breach/index.html

Techcrunch. (2023, October 6). MGM Resorts confirms hackers stole customers’ data during a

cyberattack. Retrieved from Techcrunch: https://techcrunch.com/2023/10/06/mgm-

resorts-admits-hackers-stole-customers-personal-data-cyberattack/

Wong, I. A., Ou, J., & Wilson, A. (2021). Evolution of hoteliers’ organizational crisis

communication in the time of mega disruption. Tourism Management, 104257.

  • Introduction
  • Analysis
    • Analysis of the Breach
    • MGM Resorts vs. Cybersecurity Standards
  • Benchmark
  • Lessons Learned
    • Proactive risk management
    • Incident Response Strategy
    • Roadmap for Strengthening Cybersecurity
  • Conclusion
  • References