(no title)

Ha, that is funny. I have literally never met a CISO who shares your confidence. Not a single one of the companies chomping at the bit can protect MGM against a multi-million dollar ransomware attack. Companies get hacked because commercial cybersecurity by the big names is useless against the modern, prevailing threat landscape of organized crime. The sum total of their ability is stopping unskilled children, and even then only sometimes.

Just ask any CISO if they would bet their job on surviving a $1M unrestricted red team exercise with a year-long timeframe. They would all be scared shitless by the thought. I bet if you asked the CISO of MGM three days before the attack: "How much would it cost to hack MGM and cripple operations?" they would answer like every other CISO I have heard answer that question and say something on the order of $100K. They know it does not work; they are there to be sacrificed and just hope it does not happen on their watch.

“ They won't make the same mistake twice and will build a comprehensive cybersecurity program, and it will succeed. Up until someone questions this cost and they forgot what they are paying for because everything was so smooth and repeat the cycle.”

You couldn’t have said it better.