MGM Grand breach: How attackers got in and what it means for security | Guest Aaron Painter

Today on Cyber Work, we’re talking about last September’s breach of the MGM Grand Casino chain, an attack that lead to a week of tech failure, downtime and over a hundred million dollars in lost revenue. The attackers were able to get in via a point that my guest, Aaron Painter of Nametag Inc, said is a common point of failure: the request for a password and credential reset from the helpdesk, and the ever-frustrating “security questions” approach to making sure you are who you are. Nametag is built to create an alternative to security questions and go beyond MFA to create a method of verification that is even resistant to AI Deepfake attempts! This conversation goes into lots of interesting spaces, including career mapping, the importance of diverse design teams and the benefits of security awareness training, plus you get to learn about an amazing piece of emergent tech!0:00 - A new method of online verification3:15 - First getting into cybersecurity and computers7:03 - Aaron Painter's work experiences 10:37 - Learning cybersecurity around the world11:32 - Starting Nametag16:25 - Average work week as Nametag CEO19:10 - Cybersecurity learning methods21:15 - The MGM cyberattack explained26:07 - MGM fail safes bad actors surpassed 29:26 - Security awareness training 31:35 - Are data breaches the new normal34:05 - How Nametag safeguards online data37:59 - AI deepfakes 40:19 - Using Nametag42:20 - How to learn AI deep fake defense44:14 - Design choices in digital identity 45:54 - Different backgrounds in cybersecurity 46:59 - Aaron Painter's favorite part of his work48:01 - Best cybersecurity career advice49:00 - Learn more about Nametag50:06 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.