MGM and Caesars Attacks Highlight Social Engineering Risks

Relying on passwords to secure user accounts is a gamble that never pays off.

The cyberattacks on MGM Resorts International and Caesars Entertainment exposed the widespread effects data breaches can have on an organization — operationally, reputationally, and financially. Although many questions around the specific attack remain, reports say that hackers found enough of an MGM’s employee’s data on LinkedIn to arm themselves with the right knowledge to call the help desk and impersonate the employee, convincing MGM’s IT help desk to obtain that employee’s sign-in credentials.

What is the root cause of this breach? This attack, as well as so many other high-profile breaches over the past few years, happened because of our continued reliance on legacy sign-in credentials like passwords and SMS one-time passcodes that can be easily given away and reused…