When MGM Resorts—one of the largest hotel and casino operators in the U.S.—was hit by a ransomware attack in 2023, the world took notice. Slot machines froze, hotel check-ins stalled, and operations across multiple states were disrupted for over a week. The company reportedly lost over $100 million in revenue.
While this incident happened far away, the lessons apply to businesses everywhere—including Nigeria.
How the Attack Happened
The breach began with social engineering. Attackers reportedly tricked an MGM employee into giving up sensitive information over the phone. From that foothold, ransomware spread across MGM’s IT systems, encrypting critical services.
The simplicity of the attack proves a harsh reality: you don’t need advanced hacking tools to cripple a billion-dollar company. Sometimes, a convincing phone call is enough.
The Key Lessons Businesses Must Learn
1. Human Error Remains the Weakest Link
Even with millions invested in cybersecurity, MGM fell because an employee trusted the wrong person.
- Nigerian businesses need regular training on social engineering risks.
- Verification protocols should require secondary approval for sensitive requests.
2. Business Continuity Is Non-Negotiable
MGM lost millions daily as guests were locked out of rooms and slot machines went offline. For Nigerian businesses, especially banks, telecoms, and hospitality, an outage could cause a customer exodus and regulatory fines.
- Every business needs a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
3. Supply Chain Risks Are Real
Many ransomware groups target third-party vendors as an easier entry point. Nigerian organizations relying on IT contractors, payment processors, or outsourced services must enforce Zero Trust policies and conduct vendor risk assessments.
4. Customer Trust Is Fragile
MGM faced lawsuits and reputational damage. Nigerian businesses may not have the same legal exposure, but they risk losing loyal customers permanently if their data is mishandled.
What Nigerian Businesses Should Do Today
- Enforce Multi-Factor Authentication (MFA) on all accounts.
- Run tabletop exercises to simulate ransomware incidents.
- Audit third-party vendors for security compliance.
- Regularly back up data and test recovery plans.
The Bigger Picture
The MGM attack wasn’t unique—it’s part of a global ransomware wave targeting organizations of all sizes. In Nigeria, banks, telcos, and SMEs are already under constant attack. The difference between survival and shutdown often comes down to preparation.
At CyberTech Nexus, we help businesses prepare before the breach happens—through risk assessments, incident response planning, and security awareness programs.
Because when the stakes are this high, prevention is always cheaper than recovery.