Sin City Cyberattack: Inside MGM Casino's $100M Hack

Updated: Mar 24


00;00;03;02 - 00;00;12;04

Paz Shwartz | CEO & CISO at Persist Security

They're not freedom fighters. They're terrorists and the same as hackers. You're doing something. You think that it's okay, but on the other hand, you're making so many people miserable.


00;00;12;06 - 00;00;30;06

Jeremy Ladner | The CISO Signal

Welcome to The CISO Signal, the true cyber crime podcast. I'm Jeremy Ladner. Before we dive into episode five today, I just wanted to take a quick moment to thank all of you for listening. When I started the show a few months ago, it was just me writing, recording, and editing without knowing if anyone would ever listen to the show.


00;00;30;07 - 00;00;56;19

Jeremy Ladner | The CISO Signal

So the response has been phenomenal, with thousands of you tuning in and a bunch of you even taking the time to send me personal messages about how much you're enjoying the podcast. So please keep the feedback and topic ideas coming. I love hearing from all of you, and if you haven't yet, please be sure to subscribe to the channel and follow us on LinkedIn now for episode five: Breaching Sin City.


00;00;56;21 - 00;01;28;03

Jeremy Ladner | The CISO Signal

Welcome to Las Vegas. A mirage in the desert, built on sand and the fragile currency of hope, it sells an illusion of perfect control of odds, meticulously calculated into the house that always wins in the end. Every spin of the wheel, every shuffle of the deck, every dollar exchanged under the lurid glow of neon, all of it governed by systems both seen and unseen.


00;01;28;06 - 00;02;00;02

Jeremy Ladner | The CISO Signal

The casinos here don't gamble. They calculate, and they win until the day that they don't. In September of 2023, a digital bluff called their hand and the house lost. This wasn't an attack of code and malware, but a siege of whispers and misplaced trust. The perpetrators didn't break down the doors. They used a phone call and an unsuspecting employee to open them.


00;02;00;04 - 00;02;15;11

Jeremy Ladner | The CISO Signal

Joining us on this investigation is our seasoned CISO co-host Paz Shwartz, CEO of Persist Security and a veteran of cyber defense. Welcome to the podcast. Can you tell us a little bit about yourself?


00;02;15;14 - 00;02;31;28

Paz Shwartz | CEO & CISO at Persist Security

25 years' experience with IT and cybersecurity, both defensive and offensive. I don't think there is a system that I’ve never touched or seen or tried to find what makes it tick or what makes it run. So this is me.


00;02;32;00 - 00;03;05;20

Jeremy Ladner | The CISO Signal

Excellent. Good to have you with us. Now it's time to roll the dice and begin the investigation. We are in the midst of a ceaseless war, not of bombs or bullets, but of breaches, firewalls and silent incursions. The targets: our borders, our banks, our commerce and the critical infrastructure that underpins a free civilization. The enemy is cloaked in code, fueled by greed, glory, and a desire for chaos.


00;03;05;23 - 00;03;31;18

Jeremy Ladner | The CISO Signal

This is the story of the unseen protectors, the nameless generals, the CISOs, chief information security officers. They are the guardians at the gate, watchers on the wall. Ever vigilant and always listening for The CISO Signal.


00;03;31;20 - 00;03;52;17

Jeremy Ladner | The CISO Signal

So this breach is interesting for lots of reasons. And at the top of that list, we get a real world, real time comparison between MGM Resorts and Casinos and Caesars, which were both attacked at the same time in the same way, likely by the same group of hackers, except that Caesars chooses to pay the ransom and MGM chooses not to pay.


00;03;52;20 - 00;04;14;05

Jeremy Ladner | The CISO Signal

As a security leader working alongside the C-suite, the board, and other key stakeholders, there is an almost impossible challenge to balance what's right for the business, what's right for the guests, what's right for the brand, and of course, what is right morally when it comes to paying criminals that are actively in the process of extorting you for ransom.


00;04;14;07 - 00;04;22;28

Jeremy Ladner | The CISO Signal

How would you size up or judge the difference between how MGM and Caesars dealt with the situation?


00;04;23;00 - 00;04;46;01

Paz Shwartz | CEO & CISO at Persist Security

I don't think that you can judge them even though if you ask me as a person, I will never pay the ransom, because I always think that if you prove once that you are paying, they will try again. On the other hand, putting myself in the same shoes as the Caesars hotel manager or hotel CEO when you have, I don't know, 2000 guests that cannot do anything…


00;04;46;02 - 00;05;01;23

Paz Shwartz | CEO & CISO at Persist Security

You need to think of them and if this will be the easy fix, maybe he took the right call to make sure that the guests will be happy. And then let's go in, deep dive into security, see what we can fix, how we can improve our systems.


00;05;01;25 - 00;05;40;09

Jeremy Ladner | The CISO Signal

Act 1: The Call That Killed the Lights

The MGM empire stood as a monument to modern opulence and technical precision, an intricate digital nervous system humming beneath the din of jackpots and cocktail trays, reservation engines, identity providers, surveillance, AI, slot machine telemetry, even the key card access, all of it interwoven and all of it fortified. But on a quiet Sunday in early September of 2023, that machine stuttered.


00;05;40;09 - 00;06;13;18

Jeremy Ladner | The CISO Signal

And the trigger? Just a simple voice. It began, as so many intrusions do, not with a technical breach, but a social one. A group of cybercriminals operating under the ominous alias Scattered Spider had been conducting a surgical reconnaissance. They scraped LinkedIn, mapped organizational charts, and studied the human element with the precision of a master poker player. They were preparing a hand, not of code, but of competence.


00;06;13;21 - 00;06;46;26

Jeremy Ladner | The CISO Signal

When the time came, the voice on the other end of the line was calm and impossibly assured. It became the helpdesk. "Hey, I'm locked out of my account," the voice said. "Can you push me through an Okta reset?" With enough jargon, enough urgency, and a dash of plausible frustration, they convinced an unsuspecting employee to surrender control. A single moment of hesitation could have stopped it, but there was no hesitation.


00;06;47;03 - 00;07;19;24

Jeremy Ladner | The CISO Signal

Within minutes, Scattered Spider was inside the digital walls of MGM. They added their own endpoint to the Okta identity platform, bypassing multi-factor authentication. From that single foothold, their lateral movement was surgical, swift and silent. They accessed internal systems that controlled digital hotel locks, payment processors, and a critical backend infrastructure. According to external researchers, they leveraged privileged access within Azure AD and vSphere environments.


00;07;19;26 - 00;07;53;00

Jeremy Ladner | The CISO Signal

In short, they knew exactly where to go and how to blend in. What followed wasn't noise. It was a suffocating silence. Slot machines went dark. Guests couldn't check in. Room keys deactivated. Restaurant systems froze. The sprawling MGM empire ground to a halt, as if a massive circuit breaker for the entire Las Vegas Strip had been flipped. The company initiated incident response protocols, but the blast radius expanded with devastating speed.


00;07;53;03 - 00;08;26;17

Jeremy Ladner | The CISO Signal

Outages persisted. Physical systems required manual override. Hotel staff returned to pen and paper while guests wandered lobbies in analog confusion. And behind the curtain, investigators realized this wasn't a one off intrusion. It was a full scale hostage crisis. Soon, a ransom demand surfaced. The amount was substantial, though undisclosed. MGM refused to pay. Their decision triggered both admiration and agony.


00;08;26;20 - 00;09;02;29

Jeremy Ladner | The CISO Signal

By resisting the ransom, they also prolonged the pain. Recovery became a months long grind. Critical systems had to be painstakingly rebuilt, not just restored. Customers vented. Revenue evaporated, and the company projected losses exceeding $100 million. All of it stemmed from a single act of persuasion. No exotic malware, no zero day exploit, just a phone call. The attackers had exploited the most human parts of the infrastructure trust.


00;09;03;03 - 00;09;24;18

Jeremy Ladner | The CISO Signal

The helpdesk employee had no malicious intent, but under pressure with the right cues they made the wrong call. And in so doing, they opened the gates to one of the most impactful breaches in hospitality history.


00;09;24;20 - 00;09;53;26

Jeremy Ladner | The CISO Signal

So this attack has this cinematic Ocean's 11 heist element to it, which makes it entertaining to talk about for sure. But obviously, if you're the CISO responsible for MGM, you're not laughing and shoveling popcorn into your mouth, imagining George Clooney or Julia Roberts waltzing through your casino. There's some very real world ramifications of this from a security perspective that is immense, and that has got to be terrifying.


00;09;53;29 - 00;10;03;22

Jeremy Ladner | The CISO Signal

If you're sitting in that chair, what's the one part of this cyber attack that you just can't stop thinking about or playing over in your mind?


00;10;03;25 - 00;10;26;13

Paz Shwartz | CEO & CISO at Persist Security

Not verifying the request that was done? If somebody called me and asked me to reset the password, you know, it's different because we are small organizations, small country, and it's easier to control these things. There has to be a different way to verify that you're talking with the right guy. Now, there are so many techniques like spoofing from different numbers and backing it up with a WhatsApp or a text message or email.


00;10;26;13 - 00;10;48;15

Paz Shwartz | CEO & CISO at Persist Security

And you know, every cyber event needs to think back. If you're thinking this back, you say, how come the CISO of this organization didn't give any clearer directive on how to verify somebody over the phone? If you assume that you're talking with somebody, you need to make sure that you're talking with the right guy. So if you're calling me and say, listen, guy, I'm talking from IT, I have this problem, blah, blah, blah.


00;10;48;15 - 00;11;07;17

Paz Shwartz | CEO & CISO at Persist Security

I need you to erase. I'm sorry. Who are you? Where are you calling from? And all this standard verification is the problem itself because it's all information that is available outside. You can find it on LinkedIn. You can find it in any OSINT trip that you take. You can find who he’s reporting to, what is his phone number, where he lives, where his office is.


00;11;07;20 - 00;11;23;22

Paz Shwartz | CEO & CISO at Persist Security

And this is something that's reduced the level of stress when you call in to the victim because you think that you know him. This is one of the things that the CISO was supposed to know, that this is public information. You can find it all over the place. You need to have a different mechanism, how you verify if you're talking with the right person.


00;11;23;25 - 00;11;48;27

Jeremy Ladner | The CISO Signal

So it seems to be more and more common in high profile cyberattacks that hackers try to cloak their crimes in some sort of noble Robin Hood type of claim, like the casinos are not playing fair. So we, as the great global citizens that we are, are going to rob from the rich to teach them a lesson. And they are the evil capitalists and we are the activists fighting the good fight.


00;11;49;00 - 00;11;50;28

Jeremy Ladner | The CISO Signal

What's your take on that?


00;11;51;01 - 00;12;11;24

Paz Shwartz | CEO & CISO at Persist Security

Come on they’re hackers. And if there is one thing that I learned in my years of experience in this world, hackers don't have a conscience. They don't really have a conscience. If they had a conscience, they would never do this because you cannot say, okay, we did it because of the MGM corporate and the casinos and the stocks and whatever.


00;12;11;27 - 00;12;35;05

Paz Shwartz | CEO & CISO at Persist Security

But eventually they're hurting the old lady in the wheelchair, trying to get into the room because she needs her medicine. So you cannot manipulate this like that. It's like saying about terrorists that they are freedom fighters. They're not freedom fighters, they're terrorists. And the same with hackers. You are doing something you think is okay, but on the other hand, you're making so many people miserable.


00;12;35;07 - 00;13;05;28

Jeremy Ladner | The CISO Signal

Act 2: The Gamble

Welcome to the inner sanctum of the breach. The smoke-filled back room where reputations were wagered and a digital empire was rolled by the faceless, voice-cloned ghosts of Scattered Spider. In the weeks before the attack, MGM’s cybersecurity posture was a fortress of silicon and code. Firewalls stood sentry. Endpoint protection hummed like a low frequency choir.


00;13;05;29 - 00;13;39;06

Jeremy Ladner | The CISO Signal

SIEM dashboards glowed like neon prophets, predicting everything but what mattered most. The illusion of control was almost perfect. And yet what unraveled them was not a sophisticated zero day. It was something older, simpler, more human. It was misplaced trust, abused, manipulated, and imitated. It began with a phone call, or perhaps several. The precise number remains uncertain, shrouded in NDAs and the silence of legal documents.


00;13;39;08 - 00;14;11;25

Jeremy Ladner | The CISO Signal

But what is widely reported is this: Scattered Spider, an adversary group whose members are reportedly so young they're still mastering algebra and driver's ed, used social engineering to impersonate MGM employees. Their target was the helpdesk, the often overlooked portal into the heart of any enterprise. From there, it was a swift surgical campaign of lateral movement, privilege escalation, and credential theft.


00;14;11;27 - 00;14;44;01

Jeremy Ladner | The CISO Signal

Administrative credentials became skeleton keys to the kingdom. The method was a hauntingly modern take on an old crime: vishing, or voice phishing, with a terrifying twist. In some accounts, they were not just impersonating but imitating, leveraging AI-assisted voice clones. They took the digital ghosts of real employees and used them as an unknowing accomplice. The result was a symphony of silence.


00;14;44;04 - 00;15;18;19

Jeremy Ladner | The CISO Signal

Slot machines went dark, hotel room doors stopped responding, point of sale terminals stalled like rigged roulette wheels, digital check-ins collapsed. Guests queuing in a state of analog confusion. An empire of entertainment reduced to static and unsettling quiet. Across Las Vegas Boulevard, a different hand was being played. Caesars Entertainment was breached at nearly the same moment, likely by the same group, but Caesars chose a quieter path.


00;15;18;22 - 00;15;59;02

Jeremy Ladner | The CISO Signal

Allegedly, they paid the ransom, a reported $15 million. Their systems barely flinched, their guests barely noticed, and their shareholders remained calm. MGM, by contrast, refused to pay. Was it pride, corporate policy? Or maybe a calculated risk? The motivations remain speculative, but the outcome was not. Analysts estimate MGM's losses reached an estimated $100 million, not just from system downtime, but from the trust eroded, the brand damaged and the relentless stream of questions.


00;15;59;06 - 00;16;31;25

Jeremy Ladner | The CISO Signal

And yet, for all the headlines and shareholder angst, the most chilling image may be this: a casino floor gone dark. No bells, no words, no whistles and no winners. Just a silence that screams of loss. In the end, the most valuable chip in the digital casino is not data, but the human element. And in this particular game, it was always in play.


00;16;31;27 - 00;16;50;18

Jeremy Ladner | The CISO Signal

We love making this podcast, and we really hope that shows in the care and quality that we invest in it, and we would really appreciate it if you could take a moment to like and share it with your fellow security professionals. As well as dropping us a comment, letting us know what stories and guests you'd like to have on the podcast in future episodes.


00;16;50;20 - 00;16;54;04

Jeremy Ladner | The CISO Signal

Now back to the story.


00;16;54;06 - 00;16;58;15

Jeremy Ladner | The CISO Signal

So what is your biggest fear when you see a breach like this?


00;16;58;18 - 00;17;18;17

Paz Shwartz | CEO & CISO at Persist Security

What kind of damage they can do with what they already got? Okay, so let's say that they got into the receptions and they know their names and addresses and signatures of all the guests that were in this hotel and God forbid, the credit card or somebody else if they're not using PCI as a proxy. What kind of damage this can cause.


00;17;18;17 - 00;17;41;17

Paz Shwartz | CEO & CISO at Persist Security

Now, keep in mind this was two years ago. Maybe they still have some kind of information, who knows, even now. Let me take you back to the lingering glitch that later on they discovered, that they had so many caches, passwords, and everything else. So once they are in, you don’t know where it will end. The fear is that they will take something they already have and try to manipulate it later on.


00;17;41;20 - 00;18;07;06

Jeremy Ladner | The CISO Signal

Okay, so let's examine the breakdown with the help desk a little bit closer. I want you to imagine that MGM calls you in as an expert to train and advise their in-house team after the attack. Where would you focus your attention? We’re talking about helpdesk processes, company culture and cyber threat awareness, maybe some more advanced threat training or some combination of all.


00;18;07;09 - 00;18;32;09

Paz Shwartz | CEO & CISO at Persist Security

It's a combination of all. It's a combination of all. First, I think that any kind of major corporate needs to train for social engineering. Now, I know that today's training is different than what we used to have. Let's go back to basics. And I think basics is good. Let's leave all the technology and phishing campaign and whatever because it's not going to work like this in today's world.


00;18;32;09 - 00;18;55;16

Paz Shwartz | CEO & CISO at Persist Security

It's going to be a combination of several things. For example, in Persist we do phishing campaigns, but we are doing the phishing campaign after we gave our clients the milestones to know what is a social engineering attack. We are sitting with them for two hours, showing them how we can break into this phone, and how can I manipulate them from the personal side, from their personal phone, to do something to help me to get into the company?


00;18;55;17 - 00;19;21;28

Paz Shwartz | CEO & CISO at Persist Security

So this is one of the basic steps to do the training and to do the training well. The second thing is to find some kind of a mechanism that will give the helpdesk or the support the option to 100% recognize who they're talking with. If it's an employee number that's supposed to be classified. If it's a token or any kind of a system, that will give them the option to verify that they're talking with the right person.


00;19;22;00 - 00;19;40;15

Paz Shwartz | CEO & CISO at Persist Security

Even today, when we are spoofing a phone number and we are calling somebody and we present a different number on the phone where we are calling, if you will call back even today, there is a way that I can manipulate this. Follow me or other things that can throw him back to me. So you need something else.


00;19;40;15 - 00;20;00;08

Paz Shwartz | CEO & CISO at Persist Security

You need something like maybe a personal key. You know, it's all coming back to basics. Personal keys. Even Microsoft. Passwordless. It's not passwordless. It's a physical key. So we are all going back to basics. If you have something that is running, don't try to change it. So this is exactly this. Find a way to identify the person.


00;20;00;09 - 00;20;18;01

Paz Shwartz | CEO & CISO at Persist Security

If it's a physical key, if it's an employee number or something, this cannot be public. And when you're training them and say, okay, this is your badge and you have your number in here, you cannot post it online. You cannot give it to anybody else. It's like your Social Security. And this will help you to identify who you're talking with.


00;20;18;03 - 00;21;01;22

Jeremy Ladner | The CISO Signal

Act 3: Cashing Out 

The breach was public, the damage visible, but the most devastating effects were the ones no sensor could detect: the fear, the uncertainty and the slow, creeping erosion of confidence. For MGM Resorts, the aftermath wasn't a sprint. It was a staggered crawl through reputational quicksand. Headlines rolled out in waves, each more damning than the last: systems down, customer data compromised, casino floor frozen. Social media was a digital theater of the absurd, with videos of slot machines looping error messages and frustrated guests waiting in unmoving lines.


00;21;01;26 - 00;21;31;13

Jeremy Ladner | The CISO Signal

The digital magic of Vegas turned suddenly, brutally analog, but beneath the hashtags lay a deeper truth. The breach was a blueprint, a proof of concept, a flashing neon sign to every criminal group with a laptop and a grudge that this was how it could be done. Social engineering wasn't just alive, it was thriving. The human layer of defense, long considered the weakest link, had once again proven its fragility.


00;21;31;18 - 00;21;59;13

Jeremy Ladner | The CISO Signal

The attackers didn't need zero-day or elite malware. They needed voices, convincing ones. With a few phone calls, a handful of details and a well-practiced script, they broke through because someone on the other end believed them. In the postmortem, that detail was more chilling than any technical vector. It worked because it was simple. And so the real fallout wasn't just financial, though that too was staggering. MGM's Q3 earnings took a hit. Analysts slashed forecasts, cybersecurity insurance premiums climbed, and lawsuits loomed. Class actions were filed alleging negligence in safeguarding customer data, and the SEC came knocking. Shareholders demanded answers. Regulators probed and every boardroom conversation now had a new elephant at the table asking questions like how do we make sure we're not next?


00;22;30;24 - 00;23;00;15

Jeremy Ladner | The CISO Signal

Meanwhile, in quiet corners of the internet, Scattered Spider basked in infamy. Forums and Telegram groups whispered their name with a reverence usually reserved for mythological figures. These were no longer mere teenagers. They were cyber folk heroes, symbols of audacity in a world governed by trust and guarded by call centers. Caesars, who had chosen the ransom route, remained largely unscathed, at least publicly.


00;23;00;17 - 00;23;32;07

Jeremy Ladner | The CISO Signal

But that route carried its own moral hazard. Pay once and you may be targeted again. The message, however unspoken, was received. Sometimes the cost of silence is lower than the cost of resistance. And what of the public? They watched from their phones, unsure where to place their anger, at the hackers, at the corporations, or perhaps at the creeping realization that no system, no matter how sophisticated, is truly safe.


00;23;32;14 - 00;24;04;24

Jeremy Ladner | The CISO Signal

What once felt like isolated incidents now feels like an unending tide washing up against the digital shores of daily life. This wasn't just a breach. It was a high stakes hand. And MGM was the unsuspecting mark. The attacker didn't play the game. They played the player. And when the chips fell, the house didn't just take a hit. It teetered on the edge of the abyss.


00;24;04;27 - 00;24;14;17

Jeremy Ladner | The CISO Signal

Okay, let's stick with the helpdesk for a second here. Do you think that most organizations are still underestimating the level of potential threat that their helpdesk represents?


00;24;14;19 - 00;24;36;22

Paz Shwartz | CEO & CISO at Persist Security

Yes. It’s like a supply chain attack. I saw a graph about which person is most likely to be targeted by social engineering in a corporation. It usually starts with the CEO, then finance, and then IT. And if you think about it, the CEO is targeted because he is the one making the decisions.


00;24;36;22 - 00;24;55;17

Paz Shwartz | CEO & CISO at Persist Security

He can decide what to do, he defines everything with the money and holds the key to the money. IT is holding the keys to everything. That’s why they are the most targeted people in an organization when it comes to social engineering. So the CISO is supposed to know this, and to make sure you give the right training to the right people, not just general training, but also things like spoofing or phishing.


00;24;55;17 - 00;25;01;16

Paz Shwartz | CEO & CISO at Persist Security

It's going to be a deepfake in a video call. Give them the tools to make sure that they can confront it.


00;25;01;18 - 00;25;09;11

Jeremy Ladner | The CISO Signal

Do you remember the moment you first heard about the MGM breach? What was your initial reaction or take away as a CISO?


00;25;09;14 - 00;25;32;13

Paz Shwartz | CEO & CISO at Persist Security

If there is a doubt, there is no doubt. And this is something that I was sitting and thinking, how come it was so easy to go over the security mechanism that they put in, and how come they didn't think about if somebody will try to impersonate somebody else. I even remember back then when I was leading IT and we have a contract or something else.


00;25;32;13 - 00;25;54;11

Paz Shwartz | CEO & CISO at Persist Security

This is for two-factor authentication, MFA, and these kinds of things. I always had a certain password between the company I worked for and the vendor I was working with, so nobody could impersonate someone else. And I was amazed how big an effect that had. Let’s say they already hacked HR, okay, then they will try to go to finance.


00;25;54;11 - 00;26;17;11

Paz Shwartz | CEO & CISO at Persist Security

They will try to go to the file server. But they didn’t. They stopped the operation of this hotel, this resort, and it was all because of one stupid phone call. Nobody even checked what this guy wanted and why he was calling. Nobody thought, maybe let me call him back, let me try to call IT support from the number that I know. And we as a company, even in security, we are experts in social engineering.


00;26;17;13 - 00;26;37;10

Paz Shwartz | CEO & CISO at Persist Security

And there are so many ways this can happen, by phishing, by a phone call, or text messages, or anything else. And most of the time it’s even a combination of several different tactics. So I will call, then I will text, or I will WhatsApp somebody else. But the main rule is always, if you have a doubt, call them back.


00;26;37;17 - 00;26;53;08

Paz Shwartz | CEO & CISO at Persist Security

If you're getting this in a text message, close the text message, open the app, or call the person. Oh, and you know, as we are going downstream, it’s going to be more and more difficult because today we have AI and we have deepfake and we have other things. So it's a very, very challenging puzzle.


00;26;53;12 - 00;26;56;18

Jeremy Ladner | The CISO Signal

Thank you so much for the conversation. I really appreciate it. It was great talking to you.


00;26;56;23 - 00;26;59;29

Paz Shwartz | CEO & CISO at Persist Security

Thank you so much.


00;27;00;04 - 00;27;34;28

Jeremy Ladner | The CISO Signal

And now our conclusion. Winners and losers. When a city built on deception falls for a lie, the irony writes itself. But the truth behind the MGM breach isn't poetic. It's procedural because breaches rarely begin with alarms. They don't announce themselves with blinking red lights or cinematic break ins. They start quietly with overlooked policies, with rushed training, with a culture that trusts too much, too quickly.


00;27;35;04 - 00;28;09;27

Jeremy Ladner | The CISO Signal

And when the con lands, what matters most isn't what you've built, but how you behave. MGM responded with urgency. They isolated systems, called in experts, and owned their failures in public view. They didn't pay the ransom. They took the hit financially, operationally and reputationally. Their choice became a statement, for better or worse. Caesars responded differently. They moved quietly, paid swiftly, and resumed operations without public spectacle.


00;28;09;28 - 00;28;39;22

Jeremy Ladner | The CISO Signal

Their choice became a blueprint for better or for worse. These are not good versus evil decisions. They're risk matrices rendered in real time. And in a world where attackers move faster than policies evolve, both responses reveal something uncomfortable. Even the most mature organizations are vulnerable not just to breach, but to indecision. For CISOs, the question is no longer


00;28;39;22 - 00;29;07;20

Jeremy Ladner | The CISO Signal

If the breach comes, it's what kind of breach narrative are we prepared to author? Will it be one of delay, damage and denial, or of poise, precision and recovery? Because in the end, cybersecurity isn't a department. It's a discipline. It's the instinct to ask twice and to verify once more, to slow the chain of trust just long enough to see what's hiding in its links.


00;29;07;26 - 00;29;38;15

Jeremy Ladner | The CISO Signal

And maybe that's the uncomfortable legacy of what happened in Vegas. Not the outage, not the ransom, but the stark reminder that we are just defending networks. We're defending decisions. Decisions made by people with passwords, by teams with priorities, and by businesses with everything to lose. And all it takes is one voice not shouting, not hacking. Just asking politely.


00;29;38;18 - 00;29;51;06

Jeremy Ladner | The CISO Signal

And so we must remain vigilant and always listening for The CISO Signal.


00;29;51;08 - 00;30;17;28

Jeremy Ladner | The CISO Signal

All episodes are based on publicly available reports, post-mortems and expert analysis. While we've done our best to ensure accuracy, some cybersecurity incidents evolve over time and not all details have been confirmed. Our goal is to inform and entertain, not to assign blame where facts are unclear. We've used cautionary language and we always welcome your corrections. Thanks for listening to The CISO Signal.



 
 
 
