On September 11, 2023, MGM Grand reported a cybersecurity issue affecting some of its systems on the Las Vegas strip. Around the same time, Caesars Entertainment reported that they too had been affected by cyberattacks. While the two giants of the Las Vegas strip were hit by the same hackers, their methods of rectifying the situation were starkly different and could have significant implications.

The hack affected many of MGM’s operations, and side-effects included hotel key cards not working and slot machines that were down. Meanwhile, Caesars Entertainment had customer information, including sensitive information such as driver’s licences and social security numbers stolen. For both casinos, the impact of these breaches was immense.

The hackers aimed to make money through ransom, and both MGM and Caesars received ransom orders. This is where the two casino giants took different paths. Caesars Entertainment paid a USD 15,000,000 (roughly CAD 20,000,000) ransom to appease the hackers. MGM meanwhile did not accede to the hackers’ demands, and experienced system shutdowns for a further 10 days during which the company lost an estimated USD 100 million (roughly CAD 136 million).

Although MGM experienced losses much more significant than Caesars, many experts in the field argue paying the ransom sets a dangerous precedent for future breaches. The hackers that breached MGM and Caesar’s systems are criminals, and there is no guarantee that there won’t be future attacks. Paying the ransom sets the precedent that hackers can extort any sum of money they desire, and companies will roll over and pay the ransom.

The only way for companies to avoid cybersecurity attacks is to beef up the defence systems they have in place. The recent attacks are said to have been carried out through a phone call with the MGM Help Desk. This practice, called “vishing” (it’s different than phishing), is something casino employees don’t receive training on. To avoid future attacks, the scope of training for employees should be enlarged, in tandem with the technological innovations companies put in place.

The recent cyberattacks are another in the long list of attacks Las Vegas casinos have faced over their history, but these latest attacks are examples of what not only Vegas casinos should but also shouldn’t do, serving as a blueprint to all companies. Giving in to hackers’ demands is the wrong thing to do for any company, and MGM’s strategy of grinding through the implications of the attack is exemplary of what all companies should do if they find themselves in the same situation.