MGM Resorts and Caesars Entertainment face Scattered Spider/ALPHV cyberattack. Caesars pays $15M ransom and quickly resumes business; MGM refuses to pay, undergoes 10+ days operational downtime. Was one right? Was one wrong?
Today in health, it we're going to take a look at the MGM and Caesar's cyber attack responses. And we're going to take a look at it. An article in dark reading, it is interesting. There are different approaches and the brutal choices they had to make. My name is bill Russell. I'm a former CIO for a 16 hospital system and creator of this week health instead of channels and events dedicated to leveraging the power of community to propel healthcare forward. We want to thank our show sponsors who are investigate developing the next generation of health leaders. Short test artist, site parlance, certify health. Notable and service. Now take them out at this week. Health. Dot com slash today. Having a child with cancer is one of the most painful and difficult situations a family can face in 2023 to celebrate five years at this week health we are working to give back. We have partnered with Alex's lemonade stand all year long. We had a goal to raise $50,000 from our community. And we are up over $55,000 for the year. We want to plow through that. We asked you to join us, hit our website top right hand column. You're going to see a logo for the lemonade. Stand, click on that to give today. We believe in the generosity of our community. And we thank you in advance. , one last thing, share this podcast with a friend or colleague use it as a foundation for daily or weekly discussions on topics that are relevant to you and the industry. They can subscribe wherever you listen to podcasts. Alright, here we go. Here's the article. And do you have Caesar cyber attack responses required? Brutal choices. Dark reading is the source tens of millions of losses later. The MGM and Caesar's systems are back online. Following dual cyber attacks by the same threat actor. Here's what experts say about their incident responses. Okay. , in this instance, both were victims of a scattered cyber, , scattered spider. , cyber tax Caesar's quickly negotiated with the cyber attackers. And handed over $15 million ransom payment. Which allowed it to proceed with business in relatively short order. MGM, meanwhile, flatly refused to pay and just announced that its operations have been recovered after 10 plus days of casino and hotel operational downtime. Tens of millions of dollars in lost revenue later. While it's tempting to make a judgment as to which approach is better, any direct comparison between Caesars and MGM responses to the cyber attack as an oversimplification experts say for instance, Rob T Lee signs. Institute. Chief curriculum, director and faculty lead emphasizes that the core principle of incident response is trying to make the least worst decision. And this tends to be a comp complex decision that. Always has positive and negative, some would say brutal set of outcomes. He notes, many business decisions can go into that only once an incident is over. Can you see the different paths that could have led to different or at least worse or least worse outcomes? There's no wind in these situations, only decisions. That can prevent it from worsening. And the big question here is, should you pay the ransom was MGM, right? Or Caesar's it's complicated. Let's. Let's go on in the article. Cause it's, there's a really good article. , whether or not you pay the ransom following the cyber attack is one of those. When a no wins decisions, incident responders are forced to make under intense pressure. It's well-documented that paying the ransom does not. Guarantee data security or system recovery. Where's she at? It encourages future attacks by creating a market for these cyber crimes. But business risk decisions. Don't always turn on clear, cut choices of right and wrong. And expediency is always a consideration. Caesar's more rapid recovery post ransom might give the impression they made a better decision, says Kelly Gunther, senior manager of cyber threat research at critical start from a business continuity perspective. The decision to pay might seem effective. However, Joseph Carson, chief security, scientist, and advisor. , advisory CISSO at Delania explains that there are other complexities of play companies who take a while to mole. Their options may decide that not paying makes more sense and his experience. He says organizations only have about a four day window to negotiate with ransomware threat actors before positions become hardened on both sides. After that read somewhere, attackers tend to become frustrated. And enterprise security teams get dug into their positions as well. There's a sunken cost bias. Security researcher, Jake Williams added the further away from the incident day cybersecurity response recovery teams get the more entrenched they get in the recovery. Recovery costs are another consideration. According to Carson, if recovery is painful, but only costs a few million, that might be better choice. Be a better choice compared to an eight figure extortion payment. He adds. , let's see. You know, and actually, I guess the response also, , they go on to talk about a couple of other things here, and I think it's really interesting. They talk about. , how the response indicates their business priorities. And let me just read you a little bit of this evaluating both MGM and Caesar's overall incident response. Broadly Gunther explains that Caesar's reaction shows that keeping operations running. What's the priority while the MTM response demonstrates that the organization is willing to endure short-term financial pain for long-term cybersecurity gains. , maybe. And do you have a choice not to pay the ransom despite financial losses? My stem from a broader perspective on the implications of ransom payments, Gunther says the duration of their disruption might also reflect. A comprehensive internal review and restoration process. Ensuring all threats are fully mitigated Caesar's incident response. She adds by comparison was decisive. However, paying a ransom while providing immediate relief carries longterm considerations, going through ads. The speed of their recovery. Post-payment suggests they had robust backup and restoration processes in place, but it also raises questions about their preventative measures. Leading up to the attack. So, , it goes on there's there's more in this article. It is, , You know, it's going to be. A fascinating study, I believe. And this is going to be one that we look at w one is just how they got in is, is really fascinating to me. , you know, Caesars pays 15 million quickly resumed business, MGM refuses to pay. And they have 10 plus days of operational downtime. , that is, , that's significant. That's that's, real-world lost dollars for them. , you know, but paying the ransom, does that guarantee, , data security? Does it guarantee anything? Not really. So Cedars Caesar's might still be at risk. MGM. , going through the recovery process may have eradicated the, , the infiltration that has happened. , these are really interesting. , situations and not something that should be made for the first time when it's happening. So this is the importance of tabletop exercises. This is the importance of educating the senior leadership team, the board. To understand. , the whole concept, I just had a CSO. , round table. And the concept of if it's not, if, but when is still very prevalent and if that is true, then it is really incumbent upon us to prepare our organizations for these eventualities. You know, do we have a way to pay the ransom? Do we have, , the, you know, what. , authorities, you know, what, what sign-offs do you have to do, , to get that paid? And, , what do you do if you do pay it to ensure that you eradicate the threat in the future and all those kinds of things? So a lot of things to consider here. And I think this is a good use case actually to use. With your leadership team or your board, and just throw it out there and good article to use as well to say, you know, which way do we lean? Which way are we going? And how do we make the least worst? Decision. All right. That's all for today. Don't forget. Share this podcast with a friend or colleague. Keep the conversation going. We want to thank our channel sponsors who are invested in our mission to develop the next generation of health leaders. Short test artist site parlay it's certified health, notable and 📍 service. Now check them out at this week. Health. Dot com slash today. Thanks for listening. That's all for now.