In the digital age, data breaches have become all too common, causing significant disruptions and financial losses for companies. One of the most notable data breaches this year was the MGM Resorts attack, which not only caused serious disruptions to MGM’s business, but also had far-reaching implications for their supply chain.
The MGM Resorts attack
Hotel and entertainment giant MGM Resorts has been left dealing with serious consequences after a cyber-attack that kicked off with a fraudulent call to their service desk. The attack has reportedly led to outages of their internal networks, ATMs, slot machines, digital room key cards, and electronic payment systems. Even TV services and phone lines were taken down, with staff having to rely on pen and paper to deal with guest requests.
Data breach implications for the supply chain
Though the MGM hack was widely reported on, it isn’t a one-off case; they’re not even the first casino group to be targeted in the last few months. The consequences for MGM Resorts themselves have been covered extensively; but what about their supply chain?
If one company is targeted, it can often lead to a domino effect: what about MGM’s food suppliers, the airline companies arranging flights to Vegas, any other third parties that may have been suffered consequences of the attack just because of a working relationship with MGM Resorts?
The consequences for these parties have perhaps been somewhat overlooked, but they shouldn’t be.
- The Domino Effect
MGM Resorts isn’t just an island; it’s the nexus of a vast web of businesses, from food suppliers to airline companies. When MGM got hit, many in this web felt the shockwaves. It’s not just about MGM’s immediate business; it’s about countless third parties that faced consequences indirectly. - Vendor Data at Risk
The breach potentially exposed confidential data from numerous vendors connected to MGM Resorts. This incident flags the vulnerabilities existing within the supply chain and jeopardizes the integrity of vendor relationships. - A Tarnished Reputation
Beyond the direct financial repercussions, the specter of the attack could sour MGM’s relationship with its suppliers. Many might question the wisdom of being connected to an entity prone to such high-profile breaches. - Regulatory Aftermath
Such breaches invariably attract regulatory attention, escalating financial pressures on MGM. This could ripple down to their supply chain partners, especially if resources get redirected to address these regulatory challenges. - Cybersecurity Realignment
Post the attack, MGM Resorts is expected to funnel significant resources into bolstering its cybersecurity. While this is crucial, it could lead to resources being siphoned off from critical supply chain management initiatives. - Ripples in the Supply Chain
Beyond the immediate response, the breach can have lasting implications on MGM’s supply chain. Enhanced security protocols might slow down day-to-day operations, leading to potential inefficiencies in the supply chain.
So, what can we learn from the MGM Resorts attack?
The MGM Resorts attack serves as a stark reminder of the importance of robust cybersecurity measures. Companies must prioritize the protection of their customer and vendor data to avoid not only financial losses and reputational damage, but also disruptions in their supply chains.
Here’s a few lessons we think can be learned:
Contain impact: We all know that 100% preventing cyber-attacks is near impossible. It is therefore important to focus on prevention: in the case of a data breach, we make sure to mitigate the damage as much as possible. This means making sure that attackers cannot move from one area of your network to the other.
The Zero Trust strategy, founded on the principle of ‘never trust, always verify’, could have played a pivotal role in minimizing the damage in the MGM scenario. Not only does it protect the core enterprise, but it ensures that all connected entities, especially suppliers, are shielded from potential breaches.
business as usual?
As reliance on third-party and open-source software grows, so does the risk of supply chain attacks, where hackers exploit indirect paths, similar to thieves using a spare key, to breach systems.
Join Luca Cipriano, Lieuwe Jan Koning and Matthijs Zwart as they take a deep dive into supply chain threats:
SolarWinds
Log4j
MOVEit
Vendor Assessment: Regularly assess the cybersecurity practices of vendors and suppliers to ensure they meet your security standards. A data breach on their end, could have consequences for you as well.
Incident Response Plan: Develop a comprehensive incident response plan to minimize the damage in case of a breach and ensure a swift recovery.
Conclusion
The MGM Resorts attack is a cautionary tale that illustrates how cybersecurity attacks can have far-reaching implications on a company’s supply chain. Protecting sensitive data, maintaining trust with vendors, and being prepared to respond to incidents are crucial elements of modern supply chain management.
