
Key points:
- Panelists said many companies are underinsured when it comes to cybersecurity
- They noted that in-house IT teams more than likely do not have the ability to resolve highly sophisticated attacks as quickly as needed
A group of panelists discussed the outcome of two major cybersecurity incidents within the gambling industry last year during last week’s G2E in Las Vegas.
Panelists included Baker & Hostetler LLP attorney Ben Wanger, Fenix24 Co-Founder Heath Renfrow and Johnson, Kendall & Johnson Vice President & Cyber Practice Leader Alexandra Bretschneider, who served as the panel’s moderator.
Caesars Entertainment and MGM Resorts International experienced online ransomware attacks last year, which led to both companies issuing letters to their customers, informing them that their information might have been compromised.
Bretschneider explained during the panel that the attacks on Caesars and MGM were “unique, sophisticated and targeted,” and both attacks were conducted through social engineering using “threat actors.”
Renfrow noted that Scattered Spider stands out from other hacking companies and described the group as “sophisticated” in its methods.
He said regarding the size and operations of the group, “They are a monster organization, over a thousand individuals that are highly technical and highly skilled.”
Good to know: Both companies were targeted by Scattered Spider, a hacking group that took a total of six terabytes of data from both major operators
The panel went on to discuss how both Caesars and MGM chose to resolve the infiltration in order to recover their systems.
While Caesars chose to pay the ransom of nearly $15m to regain access to its system, MGM did not pay. Both companies were able to recover their systems, however.
Bretschneider noted during the discussion that companies that choose to pay the ransom do so as a business decision. She went on to say that there are times when paying the hackers saves the company money in the long run, and business must weigh out the pros and cons of this decision.
She added that, in either case, reaching out to experts in the field of cybersecurity is key when looking to regain control of a compromised system.
The panel ended the discussion by pointing out that making cybersecurity a priority would be advantageous to the gaming industry at large.