This week at G2E, Gaming America was in attendance at MGM Resorts CEO Bill Hornbuckle's keynote, where he mentioned the elephant in the room - the cyberattacks.
When speaking on the recent cyberattacks, the MGM Resorts CEO bullishly stated, “We are proud of what we did, we didn’t pay the ransom.”
Despite not relenting to the ransom and having protocols in place, there was still an element of panic.
Hornbuckle described the event that took place, stating “We found ourselves in an environment where for the next four or five days, with 36,000 hotel rooms and some regional properties, we were completely in the dark.
"I mean, literally, the telephones, the casino system, the hotel system - and I could go on and on and on - were not functioning. And so, you know, you put the company to the test.”
When asked by the interviewer what he would have done differently, Hornbuckle highlighted how the hack was socially engineered as they have two call centers; one general one and one for technical problems. The technical problems call center was the one that had been socially engineered by the hackers.
Hornbuckle stated, “How that process works going forward needs to be rethought and redone. That’s the lesson.”
He continued, “The way that you structure your environment. If they get into one, they don’t get into all, it's critical architecture. That is probably the second largest takeaway.”
However, despite the hack, MGM Resorts managed to keep some things secure and safe. The CEO clarified, “In our example, one of the things we were able to protect was banking information, credit card information; nothing got out. And so, even despite the scale of the hack we had, that kind of information didn’t get out.”
Fortunately, with large companies such as MGM Resorts, insurance often covers mishaps like the above.
Hornbuckle gratefully claimed, “We protect data and we find ourselves now, a couple of weeks into this thing, fully functioning. We have all our commercial systems back. This is probably going to cost us in the range of $100m. It is covered by cyber insurance. Thankfully.”