Client Advisory: A Tale of Two Cyberattacks: MGM and Caesars
The Importance of a Business Impact Analysis as Part of Your Incident Response and Business Continuity Plans
November 2023
Cyberattacks remain a central topic. The recent ransomware attacks against MGM Resorts International and Caesars Entertainment, Inc. are only two examples of the ongoing challenge companies face in defending against targeted, determined attackers. The two companies were attacked by the same ransomware group, and both appear to face difficult and costly consequences. 1
The following summarizes the two incidents:
annual salary
Blackmail
Business interruption loss
Not publicly disclosed
Costs to remediate the incident
Not publicly disclosed
Theft of personally identifiable information
Driver's license and Social Security number information
Complete loyalty program database, including Social Security numbers
*See the following footnote 2.
Caesars was fortunate to avoid the kind of widespread disruption MGM suffered (according to reports, Caesars promptly reached the attackers and paid $15 million). As a result, the incident did not significantly affect its operations, although additional costs are likely to be incurred over time. It has also been reported that substantial transaction costs were incurred.
In its filing with the US Securities and Exchange Commission (SEC) on September 7, 2023, Caesars stated: "It is not possible to predict the absolute impact of this conflict on the future behavior of guests, and it is not possible to judge whether the change can have a negative effect on the guest's behavior, but in real time, we do not think it will have a major impact on the company's economic situation and business performance."
What is Business Impact Analysis?
How to Conduct a Business Impact Analysis?
Conducting Business Impact Analyses in an Age of Increased Regulatory Scrutiny
How Cyber Counsel can help?
- Why did MGM and Caesars reach different conclusions on the fundamental question of whether to pay the ransom? How will things turn out for each company, and how should other companies prepare if they find themselves in a similar position?
- Perhaps the attackers threatened to publish this highly sensitive information on dark web forums, or in even more alarming and more visible places. If so, the company undoubtedly took a risk by trusting in "honor among thieves" and paying the ransom on the promise that the data would never see the light of day.
- This is exactly what MGM's CEO said in his statement, "Even if we were given the key, we would still need the same amount of time to unravel this. Let's not pay the ransom, let's go ahead. If we get through this, we should be in a completely different, better place."
- Effective risk management requires, first and foremost, a proactive assessment of the consequential impact of a cyber incident on the organization. A business impact analysis (BIA) should be a mandatory part of your Incident Response Plan (IRP)/Business Continuity Plan (BCP) because it encourages key stakeholders to consider all possible loss scenarios and addresses how each scenario would lead to disruption.
- BIA is a process that evaluates security risks associated with potential system failures and guides recovery strategies to ensure business continuity during a cyber incident. Combining a PIIP with a comprehensive BIA gives organizations the best chance of minimizing the impact of a cyber incident. 7
- If your organization has not yet conducted a BIA or would like supporting resources, we encourage you to refer to NIST/ISO to begin creating or updating your own BIA. Conducting a BIA is a critical step in identifying areas of risk and paths to recovery and remediation. The risk identification and analysis process should begin with identifying the types of assets likely to be affected (including resilient backups, backups, and shutdowns), determining the cost and financial impact if these assets are damaged by a cyber incident, and planning the subsequent recovery from the incident.
- Response and recovery systems (including definition of roles and responsibilities)
The Role of the Forensic Accountant
- Internal and external communications for franchisees, employees, key buyers, vendors/suppliers, and regulators in all jurisdictions
- Protection of legal interests
- Notification obligations (legal, contractual, reputational).
- Provide necessary training for key employees and ensure that the BIA, IRP, and BCP are up to date. In addition to building familiarity with cybersecurity risk management and governance issues, such exercises give organizations confidence that their plans align with the company's practices and culture.
- When a publicly traded company such as MGM or Caesars experiences a significant cybersecurity incident, it must disclose the incident within four business days of determining its significance, with very limited exceptions. 9 The SEC considers cybersecurity a core element of its mission and has repeatedly stated its intention to investigate and take legal action against companies with deficient cybersecurity standards and practices. The SEC's recent charges against SolarWinds and its CISO for misconduct and internal control violations related to the company's 2020 data breach are an example of this aggressive approach. 10 Additionally, the SEC has updated its whistleblower program and announced significant bounties to encourage reporting through this channel. 11
External cyber consultants can help organizations develop thoughtful BIAs, IRPs, and BCPs tailored to their business and operational needs. As part of this work, external cyber consultants will:
Cyber Insurance
- Conduct an enterprise-wide cybersecurity risk assessment and gap analysis.
- Provide risk mitigation strategies.
- Create a BIA, IRP, and BCP, or optimize existing ones.
- Develop and execute customized tabletop exercises for BIA and IRP assessments.
- Educate and train senior management and the board on cyber risk, preparedness and response, and business interruption.
- Serve as an advisor on the organization's technical, legal, and operational issues.
- Translate and implement legal requirements.
- The involvement of forensic accountants no longer needs to be limited to after a cyber incident has occurred. Instead, McGriff recommends including a role for forensic accountants as part of the incident response team to assist with BIA assessments.
- Many cyber insurance policies provide coverage for cyber extortion, loss of business income, and significant extra expenses, but the policy terms need to be reviewed carefully.
- When hiring an external cyber consultant, obtain approval from the insurance company. If you plan to use a law firm from the insurer's panel, vet and select the firm before an incident occurs.
- Almost all policies specify a "waiting period" that must elapse before the "recovery period" applies, so review the policy's definition of the "recovery period" and comply with its requirements as closely as possible. Pay attention to the deadline for submitting proof of loss. Extended claim coverage can include the cost of hiring a forensic accountant if it is worded correctly, so consider the forensic accountant's fee as part of the claim. Forensic accountants can help not only to prepare the proof of loss but also to bring remediation and recovery to a close.