By now, most business owners and leaders have heard about September 2023’s MGM Resorts International cybersecurity attack. The ransomware attack not only affected the company’s website, reservations systems, and key card systems, it also included a multimillion-dollar ransom paid to attempt to release stolen data from the MGM Loyalty Club database. Large breaches like this capture headlines for days but the long-term effects can last years.
What really struck me about the breach was the way the bad actors accessed MGM’s system. It’s believed that social engineering and a simple password reset call to the helpdesk were the cornerstone of the attack. Compromising a single account is more than enough of a foothold to spread malware via email and potentially log onto a virtual, remote, or even on-premises endpoint. Without an easy way for the helpdesk to verify the identity of the person on the phone, organizations of all sizes will continue to be vulnerable to this kind of attack.
For these reasons, we have added QuickPass, an authentication and access control tool, to our existing managed cybersecurity services. A solution like QuickPass could have played an important role in averting and mitigating the impact of this kind of breach.
How does QuickPass work?
QuickPass is designed to fortify digital security and several key features support greater cybersecurity.
- Biometric Verification: QuickPass incorporates biometrics like fingerprint or facial recognition, making it difficult to impersonate employees or gain illicit access. These biometric checks fortify user identification and prevent unauthorized entry.
- End User Identity Verification: When calling our help desk, we will verify user identity through several methods like the QuickPass mobile app or email notification.
- Self-Service Password Resets: By reducing or, potentially, eliminating the need to contact the help desk for password resets, QuickPass removes the vulnerability created by that process.
- Access Control: QuickPass offers fine-grained access control, permitting organizations like yours to define precise access policies. Such controls can curtail the extent of a breach by limiting lateral movement within a network.
Improving your cybersecurity
All it took to cost MGM millions was 10 minutes’ worth of rudimentary social engineering. Putting strict processes in place around the updating of credentials, using multi-factor authentication for every single user, and requiring every employee to complete regular Security Awareness Training are all steps needed to significantly reduce the risk of a successful cyberattack.
We are making Quickpass a standard offering for our managed services clients as a first line of defense against social engineering attacks. We feel strongly that this solution will help keep our clients protected in the ever-changing cybersecurity landscape.
If you have questions about rolling out Quickpass to your organization at no additional charge, reach out to your Account Manager or Consultant. Or, if you’d like to learn more about GadellNet’s cybersecurity solutions, contact us today.