Learning lessons from the MGM cyberattack
Porzio Governmental Affairs’ Barbara DeMarco looks at the repercussions of the recent cyberattack on MGM, and why companies and government must do more to protect people or risk losing trust and custom
What happens to brand loyalty when consumers lose time and money because of a problem that cannot be immediately fixed and potentially compromises personal and financial information? This is what MGM management should be asking in the aftermath of September’s cyberattack on their computer system.
Initially, MGM patrons were sympathetic, focusing on their immediate needs: “Seems like they have major problems that are getting worse. Thankfully, I checked in yesterday.” Or, “I couldn’t pay for my Starbucks with a credit card and needed coffee.”
However, after a few days, their patience waned: “They ruined my vacation.” Or, “It’s irritating to spend money at a place when things aren’t working and there’s no backup system.” And (my personal favorite), “This is a pain in the ass.”
People could not get into their rooms, elevators were not working, ATMs and credit card machines were down, and check-in was manual – and this was just on the hospitality side. Casino functions suffered mightily – sports betting was inoperable and slot machines went into tilt when players cashed out. Most devastating, however, was MGM could not guarantee that patrons’ personal financial information had not been compromised.
No wonder five class-action lawsuits were filed against MGM by disgruntled customers in the aftermath.
As someone who experienced first-hand what appeared to be a cyberattack on the US air traffic systems, grounding planes during last year’s busy holiday season, I can honestly say these situations create distrust and a lack of faith in corporations and the government that regulates them.
Hacked computer systems are a daily occurrence regardless of the industry, with phishing being the most prevalent form of cybercrime worldwide. Statista research shows that cyber losses have skyrocketed from $1.2tn in 2019 to $7.1tn in 2022.
Breaking through
I am told the MGM hackers used social engineering to infiltrate the operator’s computer system. These methods are becoming more sophisticated and tailored to the industry.
I also read hackers typically target high-profile companies that face challenges getting back online.
If this is the case, why aren’t gaming and entertainment companies putting a greater emphasis on keeping patrons’ personal and financial information secure? Especially when they know cyberattacks cause both the company’s reputation and profitability to suffer. From a policy and government perspective, why are government regulators not coming down harder on companies that put the citizens they are sworn to protect in a vulnerable position?
It makes you think.
From my perspective, it comes down to dollars and cents. Companies who traditionally employ hotel management experts, as well as take wagers and serve drinks and meals, are not as technology-minded as they should be. They are not focusing on advancements in technology, and they are not investing in rigorous, ongoing training for personnel regardless of their role in the company.
Government depends heavily on the tax revenue generated from both in-person and online gaming. As such, government officials must weigh up the pros and cons of sanctioning these companies.
This must change if corporations and the government want to engender trust, especially as the world becomes more technology-dependent. Gambling companies can no longer only worry about a patron’s physical security; they need to worry about virtual security as well.
Casinos must step back and evaluate something more than profits and delivering dividends to investors. Yes, as a company you must be profitable. However, profitability cannot be at the cost of a patron who has entrusted you to provide a safe and secure environment – both physically and virtually.
People are forgiving by nature and unpleasant memories fade. However, this only holds true if the situation does not happen again.
Barbara DeMarco is a governmental affairs consultant at Porzio Governmental Affairs, specializing in gaming, education, technology, agricultural policy, and corporate development. A trailblazer in gaming legislation, she played a key role in over three dozen bills becoming law, including those related to internet and sports wagering. DeMarco led efforts for legislation allowing an independent data center in Atlantic City for online wagering. As one of the few women nationally with policy expertise in gaming, she is a sought-after speaker at national and regional forums.