Can Your Business Afford a Data Breach? How to Stay Prepared & Protected

In today’s climate, the costs of a cybersecurity incident are too high to be ignored. As the threat landscape evolves, with ransomware, increased phishing attempts, and exploitation of system vulnerabilities, your business faces more cyber risk with each passing day.

If you overlook IT risk management, you’re ultimately taking a gamble that could cost you everything when an incident occurs. And if your company is considering a business combination, acquisition, or other significant transaction, lacking the proper IT and cyber controls could endanger your deal or create exposure to significant future vulnerabilities.

In recent weeks, MGM, Caesars, and Clorox have been rocked by cyber-attacks, significantly affecting their operations and exposure to customer data.

In the case of MGM, the attackers carried out a social engineering attack armed with passwords from previous attacks, relying on those passwords being frequently reused. After scouring high-level MGM management LinkedIn pages for personal data to be used in a phishing attack, they targeted the helpdesk disguised as a privileged user and managed to get the user’s multi-factor authentication (MFA) protocols changed.

Once inside MGM’s system, the attackers exfiltrated sensitive data and encrypted MGM servers, causing the system to be partially inoperable. As a result of this attack, guest hotel keys became inactive, slot machines stopped functioning properly, guests could not check in or out, and it became impossible to even make a dinner reservation. This shutdown led to an estimated revenue loss of $4.2-$8.4 million each day their system remained captured, and those are just initial estimates.

The same group of attackers targeted Caesars and gained access to the Caesars loyalty member database, agreeing not to release the information it had obtained for a ransom of $15 million, which was paid. The affected database contained personally identifiable information (PII), likely made up of contact information, email and mailing addresses, and even Social Security numbers for those who would have had to disclose tax information to obtain large jackpots from the casino.

Clorox also suffered a ransomware attack that temporarily took many of its systems offline. This forced the company to start manually fulfilling orders because its automated systems had been affected. The attack has slowed production, and product availability has taken a hit as a result. Clorox has recently restarted its automated order fulfillment process but, according to SEC filings, is struggling with product availability issues. Clorox has not reported the scope or method used in the attack and has seemingly chosen to not pay a ransom and instead build back its system from immutable data backups.

Data breaches are a serious threat to businesses. According to IBM, the average cost of a data breach in the US is the highest globally at $9.48 million, and the average time it takes to return to normal business operations after an attack is almost a year. Can your business afford a data breach?

How Centri Can Help

At Centri, our IT risk and cybersecurity advisory services are designed with your greatest assets in mind — your people. We’re here to offer you the support, resources, and expertise you need, exactly when you need it most.

Our cybersecurity advisory experts collaborate with your senior management to:

  • Assess cybersecurity threats and vulnerabilities to your organization via a comprehensive risk-based approach.
  • Align your internal controls with recognized industry frameworks.
  • Provide valuable insight on actionable takeaways & implementation plans.
  • Serve as trusted risk advisors, including developing roadmaps to address the cybersecurity challenges that are unique to your organization.

You can’t predict what will happen, but you can protect your business. Contact us to learn how we can set your business up for success.

Rich Sowalsky

Managing Director | IT Risk & Cybersecurity Practice Leader | CISA

Rich is a Managing Director at Centri Business Consulting and the leader of the firm’s IT Risk & Cybersecurity Practice. He has more than 14 years of combined experience in internal control consulting, IT risk, cybersecurity advisory, and risk-based internal audits and accounting.

About Centri Business Consulting, LLC

Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and tax, CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.
