Letter from the CEO – September 2023

By now, most of us are familiar with the recent MGM cyberattack that took place this month. For those who might have missed the news, MGM Resorts made headlines on September 11th when they disclosed a significant “cybersecurity issue” that had impacted some of their systems. In response, they took the necessary step of shutting down certain operations to safeguard their systems and data. In the wake of this move, there were numerous reports of inconveniences, including extended check-in times, malfunctioning door cards, handwritten receipts for winnings, and even physical slot machines that had been powered off. The repercussions of this attack were

felt for a full 10 days, impacting multiple hotels, including MGM Grand, Aria, and Bellagio. Astonishingly, just a week later, Caesars Entertainment revealed that they too had fallen victim to a cyberattack four days prior.

This may read like the plot of the next “Ocean’s” movie, but regrettably, it’s far from fiction. Instead, it’s a stark reminder of the ever-growing digital threats we face in an interconnected world.

You might be wondering how a company as heavily regulated as MGM Resorts, with a substantial security budget, could succumb to such an extensive breach. The answer is surprisingly simple: humans are part of the equation. Reports suggest that the hackers leveraged publicly available social media information and employed a well-executed form of social engineering known as “vishing” (voice phishing) to manipulate humans into granting them the access they needed.

While it may seem like a unique occurrence relegated to the world of Las Vegas, the truth is that similar incidents are unfolding in businesses neighboring yours on a daily basis. Over the past three years, we’ve witnessed a slew of security breaches that have had a profound financial impact on small businesses in our region. In fact, just last week, another small business breach was detected, serving as the catalyst to write this article.

As you read through these words, you might be experiencing feelings of frustration, vulnerability, or anxiety over the thought of such an attack targeting your business and whether your organization could survive such an ordeal. While there’s no foolproof solution that can completely eradicate these threats, there are vital steps we must all take to protect ourselves.

Effective cybersecurity operates on the principle of layered defense. Many of us have already taken commendable measures, such as providing our employees with robust security training, deploying next-generation Endpoint Detection and Response (EDR) systems, and implementing email filters to screen for malicious content. However, there exists another layer of defense that can further shield us in case attackers bypass those initial defenses—an approach known as Managed Detection and Response (MDR), overseen around the clock by a professional Security Operations Center (SOC).

A well-implemented MDR, managed by a SOC, harnesses advanced cyber technology and the expertise of trained cyber professionals who continuously scan your environment, actively seeking out hackers, isolating them, and swiftly remediating any damage resulting from a network breach.

Returning to the incident I mentioned earlier, the one that prompted me to share these insights with you—it involved a client of Pegasus. Despite having multiple security layers in place, a malicious actor found a way to breach their defenses. Fortunately, this client had a fully managed MDR solution in place. The moment the attack was detected, the targeted computer was promptly taken offline and isolated from the network. This swift response was the crucial difference between a minor incident and a major security breach making headlines.

At Pegasus, we understand the financial strain that cybersecurity is placing on small businesses because we are one, but the alternative has a significantly more negative impact. If you’d like to learn more about how an MDR+SOC solution can safeguard your business or nonprofit organization, please don’t hesitate to reach out to us. We care about our clients and believe so strongly in this additional layer of protection that we are committed to working with you to find a price point that ensures you don’t become another statistic. Successful attacks further enrich and embolden cybercriminals. We are tired of seeing so many local victims of cybercrime, and we want to do everything we can to help prevent you from becoming the next victim.