The dazzling lights and bustling atmosphere of Las Vegas’s casinos and resorts have recently been dimmed by the shadows of cybersecurity threats. Two major players in Sin City’s multibillion-dollar casino and hospitality industry—Caesars Entertainment and MGM Resorts—have fallen victim to high-profile cyberattacks.

The situation puts a glaring spotlight on the industry’s vulnerabilities and underscores the urgent need for enhanced cybersecurity measures. It is an age where data is gold, and industries that host a wealth of customer information become prime targets for cybercriminals, amplifying the need for impregnable security protocols.

The Caesars Entertainment Cyberattack

A recent filing with the Securities and Exchange Commission (SEC) revealed that Caesars Entertainment had its customer loyalty program database breached. The cyberattack was orchestrated through a social engineering scheme aimed at an IT support contractor. Social engineering attacks, often underrated, can bypass even the most robust technical defenses by exploiting human error, making them particularly insidious.

What exacerbates the situation is the nature of the data that has been compromised. Information as sensitive as Social Security numbers and driver’s license details of a “significant number” of loyalty program members were stolen. The theft not only puts individuals at risk of having their identities stolen but also compromises the trust placed in these large conglomerates.

MGM Resorts’ Cybersecurity Incident

On the other end, MGM Resorts has been tight-lipped about the specifics of its own “cybersecurity issue,” although the symptoms strongly suggest a cyberattack. From digital key malfunctions to unusable ATMs and slot machines, the disruption has been widespread, severely affecting guests and operations. With even the FBI involved in investigations, the seriousness of the incident is clear.

The hit will impact the company’s bottom lines, and not just because of downtime. The tarnished customer trust will be difficult to deal with in a fiercely competitive market like Las Vegas. Incidents like these can quickly drive potential customers to competitors, causing long-term revenue losses.

Who Is Behind the Cyberattacks?

While it is still unclear who the exact perpetrators are, suspicion has fallen on a cybercriminal group known as Scattered Spider. Mandiant Consulting, a leading cybersecurity firm, reported that the group has been targeting casinos and hotels for some time. Interestingly, the group seems to consist of younger, less experienced hackers who are nonetheless capable of inflicting serious damage on large organizations.

What’s truly concerning is the emergence of new hacking groups like Scattered Spider, which indicates a democratization of cybercrime, where you don’t need years of experience to become a considerable threat. It also makes the cybersecurity landscape unpredictable, further emphasizing the need for robust and adaptive security measures for businesses, a need AI is quickly trying to fill.

Social Engineering Is a Growing Concern

Social engineering cyberattacks are becoming a common technique used by hackers. In fact, cybersecurity experts have expressed concerns that many organizations are ill-equipped to handle such threats. While most current security protocols focus on email-based threats, they often overlook voice or text-based social engineering tactics.

It is time for businesses, especially those in vulnerable sectors like hospitality and gaming, to broaden their cybersecurity scope. Understanding that attackers may use multiple approaches—including phone-based methods—is crucial for developing a comprehensive defense strategy that minimizes human error.

Additional Targets and Responses

In the wake of these cyberattacks, there has been a flurry of public statements from various agencies and entities. The Nevada Gaming Control Board and Gov. Joe Lombardo have been in regular communication with MGM Resorts, signifying the gravity of these cybersecurity incidents. The Cybersecurity and Infrastructure Security Agency (CISA) has also offered assistance, emphasizing the importance of collective action in these matters.

The need for a collaborative approach is critical. Cybersecurity is no longer just an IT issue; it’s a business-critical concern that demands coordinated action from corporations, regulatory bodies, and law enforcement agencies alike.

Ripples Through the Industry

The recent cyberattacks on Caesars Entertainment and MGM Resorts have sent ripples throughout the casino and hospitality industry, prompting introspection on the adequacy of existing cybersecurity measures. While these attacks serve as a wake-up call, they also offer an opportunity for the industry to bolster its defenses and for regulatory agencies to tighten their frameworks. As cyber threats continue to evolve, so must the strategies to combat them.

Originally published on Grit Daily.