Don’t gamble with your identity verification practices
Both events showed a consistent pattern of using an employee’s identity and using social engineering to fool the IT helpdesk into providing access. According to a Reuters report, these ransomware bandits also breached the systems of several other companies operating in manufacturing, retail, and technology.
Understanding black hat attacks
Ransomware heists have become increasingly common in recent years as they have become more profitable for hackers.
The formula is well-known: black hat hackers encrypt a company’s data and demand a ransom payment for the decryption key. If the company does not pay the ransom, the hackers threaten to release the data to the public or sell it to other criminals. These cyber thieves target companies of all sizes but are often keen on enterprise organizations with valuable data.
This vulnerability is not unique to MGM or Okta; it’s a systemic problem with multi-factor authentication. MFA was designed to authenticate devices, and it falls short in secure enrollment and recovery, the processes where identifying the human user is critical. This is an acknowledged limitation of its original design: it wasn’t developed to address this specific challenge.
It’s worth repeating that a 2022 study by security company Tessian and Stanford University professor Jeff Hancock found that employee mistakes and human errors were the cause of 88% of data breach events. IBM Security pegged that number higher, at 95%.
In addition to the financial cost of the ransom payment, businesses can also lose revenue and productivity due to downtime and the need to recover from the attack. Ransomware heists can also damage a company’s reputation and erode customer trust.