MGM Cyberattack Emphasizes Need for Layered Digital Defenses

The odds are stacked in favor of increasingly bold and sophisticated cybercriminals, as 美高梅国际酒店集团 International and Caesars Entertainment learned back in 9月ember. This means organizations need multiple layers of defense and heightened vigilance against cyberattacks.

美高梅国际酒店集团, which owns and operates multiple hotels/casinos in Las Vegas, 包括贝拉吉奥酒店, 曼德勒湾和卢克索, 还有全国各地的其他房产, reported a “cybersecurity issue affecting some of the company’s systems” on Sunday, 9月. 10在社交媒体上发帖. 

The issue prompted MGM to take some of its systems offline while it dealt with the intrusion and worked with law enforcement. 结果是, 客人不能使用数字酒店房间钥匙, 赌场赌博被关闭, 酒吧和餐馆只能接受现金, and MGM hotels could not accept new reservations, 根据新闻和社交媒体报道. 截至9月9日星期一. 11, 米高梅表示，系统已再次“正常运行”,” but reports of business disruption—and disgruntled guests—continued over the coming weeks.

鉴于这一大规模事件, it’s evident that no organization is immune to cyberattacks, subsequent business interruptions and related losses. 像这样, organizations should make it a priority to assess their current risk management practices and make adjustments as needed to help foster a strong cybersecurity posture. This may entail adopting both technical and operational safeguards (e.g., 更新的威胁检测软件, 高级访问控制, routine staff training and in-depth cyber incident response planning). 

Businesses Increasingly Encountering Coverage Exclusions for Wrongful Collection of Data

A growing number of businesses have begun leveraging biometrics, pixels and other tracking technology to gather personal information from stakeholders for various HR, advertising and marketing processes; however, 这样做会带来一些数据隐私问题. 例如, businesses that neglect to comply with applicable international, 联邦和州立法(例如.g., 《梅高美集团4858》, the Health Insurance Portability and Accountability Act, the Biometric Information 隐私 Act and the California 隐私 Rights Act) when collecting, processing and storing stakeholders’ data could face substantial regulatory penalties, 昂贵的诉讼和相关的网络损失.

加剧的担忧, cyber insurance carriers are increasingly excluding coverage for losses caused by the wrongful collection of data, leaving businesses largely unprotected against this exposure. 记住这一点, it’s critical for businesses that leverage tracking technology to maintain compliance with relevant data privacy laws and make it a priority to obtain stakeholders' consent before using their personal information, thus keeping associated cyber losses to a minimum. 

防范狐狸精的小贴士

“Doxxing” is a type of cyberattack that results in the collection and exposure of sensitive information that could damage the credibility or reputation of a person or an organization. 与阿霉素, 网络罪犯的目标是破坏, 收集和公开文件, 通常缩写为“docs”.” This is usually done with the purpose of either harassing, blackmailing or embarrassing the target. Sometimes, doxxing may even be part of the hacker trying to get revenge or incite physical harm.

在一次xx攻击中, a cybercriminal may use any of a number of possible methods to gain access to sensitive records. These can vary greatly and include leveraging compromised IP addresses, 破坏保护不力的Wi-Fi网络, stalking social media profiles or even using cellphone numbers to learn targets’ personal information.

以帮助防止潜在的doxx事件, it’s crucial for businesses to implement and enforce the following cybersecurity practices:

• Require employees to create strong passwords with a variety of letters, 数字和特殊字符. Have employees use different passwords across their work platforms and accounts.
• Prohibit employees from connecting their devices to untrusted or unprotected Wi-Fi networks.
• Keep software for workplace technology up to date, and avoid installing any unapproved software.
• Implement virtual private networks when possible in order to conceal employees’ IP addresses.
• Instruct employees to steer clear of suspicious websites, 警惕网络钓鱼邮件, avoid using their work email for personal reasons and refrain from sharing private information on social media. These policies should be followed by all employees, 包括领导, 他们是否在办公室工作, 远程, or with company technology or personal devices. 

网络风险 & Liabilities newsletter is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. ©2023 Zywave, Inc. 版权所有.