Tribal Gaming Regulator Chides Caesars, MGM on Ransomware Attacks

In what appears to be a clear instance of kicking them while they’re down, the National Indian Gaming Commission (NIGC) recently took some shots at Caesars Entertainment and MGM Resorts International. The jibes were regarding recent ransomware attacks on those commercial operators.

National Indian Gaming Commission
The National Indian Gaming Commission (NIGC) logo. The group boasted of strong cybersecurity protocols. (Image: NIGC)

The Washington, DC-based NIGC, which is a federal regulatory agency under the purview of the Department of Interior, believes its “defense in depth” approach to cybersecurity, while not infallible, is superior to what rival commercial operators deploy.

(NIGC utilizes) a progression of layered defensive mechanisms to safeguard data, information, and information systems,” according to a statement recently issued by the commission.

Caesars and MGM recently endured ransomware attacks at the hands of a group known as “Scattered Spider.” In a recent regulatory filing, Caesars acknowledged paying an undisclosed sum, covered by an insurance provider, to end the attack. MGM took a different approach that resulted in its employees and guests throughout the U.S. enduring 10 days of chaos.

NIGC Right on Some Issues

In the statement, the NIGC highlighted its three-prong approach to cyber security, including an emphasis on administrative, physical, and technical controls.

When it comes to cybersecurity, regardless of industry or organization, an ounce of prevention can be worth a pound of cure, and on that note, MGM’s vulnerabilities were known prior to the recent attack. Gaming operators are prime targets for cybercriminals because the companies are stewards of massive amounts of sensitive customer data, including contact and financial information, Social Security numbers, and the like.

“Cyber-related attacks impact organizations, big and small, have increased in recent years, and are not going away,” added the NIGC. “To significantly reduce risk to IT systems, it is prudent for organizations to employ a layered, redundant approach to cybersecurity.”

There could be value in commercial operators following the cybersecurity approaches deployed by tribal rivals. After all, cybersecurity companies want to generate revenue, and they’re not likely to keep a product or service away from a firm simply because it’s a competitor to an existing client.

NIGC Might Want to Consider More Tact

The NIGC is entitled to its “victory lap” in the wake of the ransomware attacks on two of its members’ largest commercial rivals. But the commission might want to consider the virtues of grace in this situation.

To date, there hasn’t been a reported large-scale cyber attack on tribal gaming entities. But Native American casinos generated nearly $41 billion in revenue last year, a number large enough to entice bad cyber actors who don’t play “favorites” when selecting targets.

Additionally, ransomware attacks are increasing in frequency, and the technology used by perpetrators is becoming increasingly sophisticated. That makes it difficult for even highly advanced cybersecurity software to bat .1000 against hackers.

Todd Shriber
Todd Shriber Financial Reporter

Todd Shriber is a senior news reporter covering gaming financials, casino business, stocks, and mergers and acquisitions for Casino.org.

Todd got his start in financial markets as a reporter with Bloomberg News. Later, he became a trader at a Southern California-based long/short hedge fund, where he specialized in the trading sector and international ETFs leading up to and during the financial crisis. He joined Casino.org in 2019.

Currently, Todd analyzes, researches, and writes on ETFs for various web-based publications and financial services firms. Shriber has been featured and quoted in Barron's, CNBC.com, and The Wall Street Journal. His work can also be found on Benzinga, ETF Daily News, ETF Trends, MarketWatch, Fox Business, and Nasdaq.com.

He currently resides in Las Vegas, where he enjoys golf and taking his black lab to the dog park. He's also an avid sports fan and likes to wager on college football and the NBA. You can also find him at the three-card poker and roulette table, even though he knows better.

Contact Todd at todd.shriber@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.