MGM Resorts Cyberattack: Lessons Learned and the Wider Implications for Access Security
Cybersecurity breaches are common in today's digital economy, and their effects can be severe. MGM Resorts is one of the first companies to file an official disclosure with the Securities and Exchange Commission, reporting a cybersecurity incident last week. Not long after the announcement, the major credit rating agency Moody's warned that the security breach could negatively affect MGM's credit rating, saying the attack highlighted "key risks" within the company.
To make the situation worse, this is not the first time MGM has made front-page news over security issues. In 2020, the personal information of over 10 million MGM visitors surfaced on a hacking forum after their data had been extracted during the summer of 2019.
The MGM Resorts cyberattack emphasizes the complexity and the necessity of access security and the importance of automated access controls to detect and manage security risks.
Privileged Access Management & Database Monitoring
Unified Privileged Access Management is a key capability that could have helped protect MGM from its recent attack. The incident illuminated the vulnerabilities associated with privileged accounts, which are accounts with elevated permissions and privileges.
In MGM Resorts' case, bad actors likely targeted these privileged accounts to gain control over critical assets, reinforcing the need for comprehensive PAM solutions.
What can you take away from the MGM attack? The first takeaway is to extend your PAM strategies beyond network-level security to encompass your entire technical stack. This approach ensures that all your components, including servers, applications, and databases, are subjected to stringent access management policies. Doing so can fortify possible entry points, reducing your overall attack surface and strengthening your security posture.
Achieving this level of access security requires automated, policy-driven systems rather than manual fulfillment of access requests through the Help Desk. Your Help Desk lacks the capability to handle access requests securely. Access requests must be routed through the centralized policy-based access control (PBAC) system and logged, so that they undergo the necessary checks before access or credentials are granted.
Automated systems enforce access policies based on predefined rules and user roles, ensuring that privileged access is granted only when necessary and under specific conditions. This streamlines your access request process and minimizes the likelihood of errors and malicious actions.
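The routing described above can be sketched as a deny-by-default decision function. This is an added example, not code from the original article or from any PAM product; the policy table, roles, resource names, ticket IDs and the decide() function are all assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy table (assumption): (role, resource) -> grant conditions.
POLICIES = {
    ("dba", "customers-db"): {"mfa": True, "ticket": True, "max_minutes": 60},
    ("sre", "prod-servers"): {"mfa": True, "ticket": False, "max_minutes": 30},
}
AUDIT_LOG = []  # one JSON line per decision, grants and denials alike


@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    mfa_verified: bool
    ticket_id: Optional[str]
    minutes: int
    channel: str = "portal"  # "helpdesk" when an agent relays the request


def decide(req, now=None):
    """Deny by default; grant time-boxed access only if every condition holds."""
    now = now or datetime.now(timezone.utc)
    policy = POLICIES.get((req.role, req.resource))
    expires = None
    if policy is None:
        reason = "no policy for this role and resource"
    elif policy["mfa"] and not req.mfa_verified:
        reason = "identity not verified with MFA"
    elif policy["ticket"] and not req.ticket_id:
        reason = "no approved change ticket"
    elif req.minutes <= 0 or req.minutes > policy["max_minutes"]:
        reason = "requested duration outside policy limit"
    else:
        reason = "granted"
        expires = now + timedelta(minutes=req.minutes)
    granted = expires is not None
    # The same checks and the same log entry apply to every channel.
    AUDIT_LOG.append(json.dumps({
        "ts": now.isoformat(), **asdict(req), "granted": granted,
        "reason": reason, "expires": expires.isoformat() if expires else None,
    }))
    return granted, reason, expires
```

Because a request relayed by a Help Desk agent passes through the same function, it is denied and logged like any other when the requester's identity has not been verified.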
However, PAM alone is not enough. Database monitoring is critical in PAM systems, especially when storing your customer data. Databases serve as prime attack targets because of the sensitive information they store. Continuous monitoring of your databases is integral to detecting and responding to unauthorized access, data breaches, or suspicious activities. Policy-based PAM solutions offer database monitoring tools, enabling you to track real-time changes, access patterns, and potential security breaches. This approach allows you to take immediate action to mitigate security threats and safeguard the integrity and confidentiality of your data.
The MGM cyberattack is a wake-up call. It emphasizes the need to invest in PAM solutions with database monitoring capabilities. This fusion of PAM and database monitoring strengthens security, protects data, and mitigates the risks of interconnected digital systems.
Policy-based access control and database monitoring are indispensable components of an effective PAM strategy, ensuring only authorized users access your privileged accounts and sensitive data. Implementing these measures may be what stands between you and an SEC disclosure.
Integrating IGA, AM, and PAM creates a central hub of policy, governance, and enforcement of identity security. With an integrated policy-based approach, a privileged access request can be managed within the organization’s IGA policies.
Detect access attempts by unauthorized individuals, as well as unusual identity and privileged account behavior, to protect the modern digital enterprise from security threats, misuse, and data breaches.
Many organizations grapple with IGA processes, like creating and managing roles, assigning and reviewing access entitlements, and handling access requests. The primary cause is that organizations follow the wrong approach to IGA, particularly around creating and managing roles.