Analyzing the MGM Cybersecurity Incident: Lessons in Social Engineering

  • Team Omega
  • October 7, 2023

In the fast-paced world of cybersecurity, staying updated with the latest developments is essential. The recent MGM data breach serves as a strong reminder that even big companies can be vulnerable.

Let us delve into the details of the MGM cybersecurity incident, focusing on the social engineering aspect, and its broader implications.

MGM’s High-Stakes Breach

The MGM hack made headlines, primarily due to its impact on a prominent organization. As a renowned casino and hospitality company, MGM Resorts held a treasure trove of valuable data. What set this breach apart was not just the data theft but the operational disruption it caused. The incident led to a shutdown of computer systems across MGM’s properties in the United States, a clear indication that it was not a minor event.

MGM Resorts, a name synonymous with luxury and entertainment, found itself in the crosshairs of cybercriminals. Hackers targeted an organization that boasted an extensive network of hotels, casinos, and resorts, all interconnected digitally. The breach not only jeopardized the security of sensitive customer data but also dealt a severe blow to MGM’s operations.

The Role of Social Engineering

The MGM breach was a stark reminder of the power of social engineering in cyberattacks. The hackers behind this incident used a sophisticated approach that began with finding employee information on LinkedIn. Armed with this data, they impersonated employees and called the MGM helpdesk to obtain credentials. This seemingly simple act of social engineering granted them access to sensitive systems.

Social engineering, the art of manipulating individuals to divulge confidential information or perform specific actions, was at the heart of the MGM breach. In a world where firewalls and encryption can be formidable barriers, cybercriminals often resort to manipulating the human element. In this case, the attackers meticulously crafted a plan that exploited the trust and helpfulness of MGM employees.

The method was deceptively simple yet frighteningly effective. By posing as legitimate employees seeking password resets, the hackers easily tricked helpdesk personnel into providing the keys to the kingdom. It highlights the critical need for organizations to train employees to recognize social engineering attempts and implement robust verification processes.

Perverse Incentives and SLAs

One intriguing aspect of this incident was the pressure on helpdesk employees to resolve incidents quickly, often driven by Service Level Agreements (SLAs). In some cases, employees might prioritize speed over security, inadvertently creating vulnerabilities. This breach serves as a cautionary tale, highlighting the need to strike a balance between meeting SLAs and maintaining robust security practices.

The incident at MGM raises important questions about the unintended consequences of SLAs and performance metrics. While these metrics are crucial for assessing efficiency and productivity, they should not overshadow the paramount importance of security. Rushing to resolve incidents without thorough verification can lead to costly breaches.

Training and Awareness

The MGM incident emphasizes the importance of training and awareness in the realm of cybersecurity. Employees are often the first line of defense against social engineering attacks. Ensuring that staff members are educated about best practices for requesting password resets and recognizing suspicious requests is crucial. Without proper training, even the most robust security systems can be undermined by a simple phone call.

Cybersecurity training should be an ongoing process, evolving alongside the ever-changing threat landscape. It is not enough to provide initial training; employees must receive regular updates and simulations of potential threats. This proactive approach can transform employees into a formidable defense against cyberattacks.

Business Continuity and Disaster Recovery

The MGM breach raises questions about the organization’s business continuity and disaster recovery planning. While MGM appeared to have contingency plans in place, it’s essential to conduct regular drills and tests to ensure that these plans are effective. Business interruptions of this scale necessitate swift and effective responses, and preparation is key to minimizing the impact.

Business continuity and disaster recovery planning go beyond drafting documents and procedures. It involves actively testing these plans to identify weaknesses and areas for improvement. The MGM incident serves as a stark reminder that a well-documented plan is only valuable if it can be executed flawlessly during a crisis. Moreover, it is important to have technologies in place that can help you bounce back quickly in the event of a disaster. If you’re interested in technology that can help your organization recover in minutes or hours instead of days or weeks, take a look at Omega Recover.

Lessons for Organizations

For businesses and organizations, the MGM cybersecurity incident offers several valuable lessons:

  1. Prioritize Adherence to Security Protocol Over Speed: While meeting SLAs is essential, it should not come at the cost of security. Encourage employees to follow security protocols even when under pressure.
  2. Invest in Training: Regular training and awareness programs are critical for educating employees about the latest cyber threats and best practices. This goes beyond email phishing training and should include voice phishing and physical security training.
  3. Review and Test Business Continuity Plans: Ensure that your Incident Response, business continuity, and disaster recovery plans are up to date and regularly tested to address various scenarios. Ideally, these should be tested quarterly but at a minimum the should be tested annually.
  4. Implement Multi-Factor Authentication: Implementing multi-factor authentication can significantly reduce the risk of unauthorized access, even if credentials are compromised.
  5. Constant Vigilance: Cyber threats are ever-evolving, and organizations must stay vigilant. Monitor the latest trends and adapt your security measures accordingly.


The MGM cybersecurity incident serves as a stark reminder that even the most sophisticated security systems can be breached through social engineering tactics. Organizations must take a holistic approach to cybersecurity, focusing on training, awareness, and disaster recovery planning. By learning from incidents like this, businesses can better protect themselves in an increasingly digital and interconnected world.

The MGM breach is a sobering example of the risks organizations face in today’s interconnected world. It underscores the critical need for ongoing vigilance, employee education, and a commitment to security that goes beyond meeting performance metrics. As cyber threats continue to evolve, organizations that heed these lessons will be better prepared to defend against the next wave of attacks.