Caesars, MGM Hacks Spur Uptick in Cybersecurity Interest by Casino Operators

Posted on: September 19, 2023, 01:16h. 

Last updated on: September 19, 2023, 06:51h.

Todd Shriber @etfgodfather Read More
Expertise: Financial, Gaming Business, Mergers and Acquisitions.

After seeing two of their rivals, Caesars Entertainment and MGM Resorts International, victimized in ransomware attacks, more casino operators are looking to shore up their cybersecurity platforms.

MGM Resorts cybersecurity attack ransom
MGM Resorts slot machines have been restored after being temporarily disabled by the casino operator following a cybersecurity issue. Following ransomware attacks on Caesars and MGM, more gaming companies are reaching out to Waterfall Solutions. (Image: Las Vegas Review-Journal) 

Those events, one of which compelled Caesars to pay the bad actors and the ongoing attack on MGM’s database, highlight the cybersecurity vulnerabilities of the travel and leisure industry and the need for that segment to embrace preventative measures.

In light of last week’s incidents, Waterfall is seeing an increase in interest from major facilities. We saw the same after the attack on Colonial Pipeline, an attack that led to sweeping new regulations from the Transportation Security Agency,” said Waterfall Security Solutions CEO Lior Frenkel in comments made to Casino.org.

Founded in 2007 and the holder of 14 patents, Waterfall is a provider of industry-level cybersecurity solutions.

Casino Operators Contacting Waterfall

Frenkel didn’t identify the companies by name. Still, he noted that in the wake of the Caesars and MGM ransomware attacks, more gaming companies, including those with “operations in the United States and the Far East,” have been in touch with Waterfall.

That makes sense because there are financial consequences to ransomware events. While Caesars hasn’t disclosed the amount one of its insurance carriers paid to a hacking group, it’s rumored to be $15 million to $30 million. For its part, MGM may have lost as much as $84 million in revenue due to an ongoing data breach that started on September 10.

“Additional risks to MGM include potential revenue losses while systems were down, reputational risk and any direct costs related to investigation and remediation. Litigation expense or liability that the company may have because of compromised data, to the extent there is any, is also a risk,” according to Moody’s Investors Service.

Frenkel noted that gaming faces some of the same cyber challenges as other industries, including addressing vulnerabilities before those weaknesses are turned against a company.

“In terms of improving security, casinos, like many other industries, need to increase awareness of their vulnerabilities, strengthen network segmentation, limit access control, and strengthen practices around patching and updates, and especially remote access,” said the Waterfall CEO.

Casino Operators Face Unique Cybersecurity Challenges

All industries are grappling with cybersecurity threats, but those issues are pronounced in gaming due to the massive amounts of sensitive consumer data casino operators are tasked with guarding. Alone, that makes casinos prime targets for hackers.

Throw in the point that land-based casinos increasingly depend on internet connectivity to power seemingly mundane tasks, such as elevators and heating and cooling, and the need to bolster cyber defenses grows. That’s vital because cybercriminals aren’t relenting and will continue upping their technology proficiency.

“Today, criminal groups are using what used to be nation-stage tools and techniques to carry out their attacks,” concludes Frenkel. “And unlike nation states, these criminal organizations go after everyone with money, using these nation-state approaches.”