Leader's Digest #86 (April 2024)

Outsourcing vs. Insourcing:

Choosing the Best Organisational Solution

Choosing between outsourcing vs insourcing can vary depending on the specific needs and circumstances of an organisation. A study by Deloitte in 2023 listed key pros and cons of outsourcing and insourcing, ranging from reducing operational costs to providing fast responses to market/organisational needs.

Insourcing is the process of delegating jobs, projects, or operations to people or teams within a corporation, as opposed to outsourcing them to outside sources. Under this strategy, tasks like IT or customer service that are traditionally outsourced are carried out utilising internal teams and competencies. Outsourcing, on the other hand, is an organisational practice that allows the management to hire a third party that could offer services on the organisation’s behalf. Upon agreement, the third party or the service provider arranges the staffing and technological resources needed for the client company.

People may give mixed views about outsourcing vs. insourcing, yet surely both business models provide certain pros and cons, depending on the expertise required. Although insourcing can create more aligned values and strengthen internal team skills, it can be more costly than outsourcing. Most importantly, both choices surface because of the requirement for organisations to be more agile to withstand the everchanging world today.

The choice between being insourcing and outsourcing comes down to what customer you’re trying to service.

ARE YOU OUTSOURCING WHAT YOU LOVE?

FINDING ENJOYMENT IN YOUR WORK

As someone who loves to get things done, I am always looking for ways to save time and make the most of it. I’m not alone on that front.

There are productivity hacks, mantras, books, gurus, and many messages telling us to be productive. There’s even a Productivity Commission. Productivity in all these guises is positioned as a good thing, and in many situations it is.

However, this massive focus on productivity can make you think that productivity is always good for us. But what if your drive for productivity meant you were sucking the joy out of your work?

I was reminded of this recently when listening to Steven Levitt of Freakonomics fame. He was interviewing the legendary filmmaker Ken Burns

[Sidebar – if you’ve never watched Ken Burns’ work, you should set aside some of your summer holidays to do so. His documentary work is incredible].

In the interview, Steven talked about how, as his career advanced, he could delegate aspects of his work.

As a researcher, the easiest part to delegate was the data analysis rather than the writing. However, it was the data analysis that he most enjoyed. He explained how he ended up delegating away what he loved in the pursuit of higher productivity.

This can happen in all fields. The technical expert is told that to progress they must take on a people leadership role, and yet, that’s not what interests them. Many times I’ve had people tell me I should outsource the writing of my weekly blog so I have more time for other things. And yet, if I did that, I’d be outsourcing my voice to someone else and giving up something I love to do.

Finding enjoyment in the work we do isn’t a bad thing. Like everything in life, it’s a trade-off.

The question to ask: What are you not doing by spending time on this activity?

You are likely to have already heard of the Eisenhower Matrix, which is a model invented by the then US President, Dwight D Eisenhower, during World War II. It’s designed to help you distinguish and prioritise between activities and you ultimately select from four options: Do First, Schedule, Delegate, or Don’t Do.

It’s a helpful approach. However, I’d suggest you go a step further.

Academics and researchers talk about the concept of ‘Job Crafting’. This is where you take your role and craft more meaning into your work. When we have meaning in our work, we derive more satisfaction.

Amy Wrzesniewski and colleagues at Yale School of Management found that no matter your job, you can try and craft more meaning from it. The researchers ran an interesting study with hospital janitorial staff. They discovered that cleaners who could build meaning into their work enjoyed it more, resulting in improved wellbeing. In this context, more meaningful work meant the cleaners didn’t see their work as cleaning floors but as connecting with patients or trying to help the doctors achieve better care.

It reminds me of the story of when President Kennedy visited NASA headquarters for the first time in 1961. While touring the facility, he introduced himself to a janitor who was mopping the floor and asked him what he did at NASA. He said, “I’m helping put a man on the moon”.

Now, all jobs have their dreary parts, so this isn’t to suggest that you never do things you don’t enjoy doing. That’s an impractical and unrealistic suggestion. It’s about balance.

So, when you are thinking about the work you do, how you prioritise and what you delegate or don’t do, I’d add these questions to your list:

• If I stop doing this work, how will it impact my job satisfaction?

• Does doing this take me away from the work I am good at (or love)?

• What am I trading off when I decide to do this?

• How can I craft more meaning in the work I do?

• Does this task align with my overall purpose?

As the Sufi poet, Rumi wrote:

“Let yourself be silently drawn to the stronger pull of what you really love.

From Misunderstanding to Mastery: Four Dimensions to Transform Your Cross Cultural Leadership

CROSS CULTURAL LEADERSHIP TO BUILD BETTER TEAMS

Cross cultural leadership is a fantastic chance to broaden your impact and develop teams that excel in performance and innovative problem-solving. You can achieve these outcomes when you recognise the challenges and focus on four dimensions of team collaboration.

THAT WASN’T A COMPLIMENT

Early in my (David’s) career, I worked in a very culturally diverse organisation. A few months into my work there, a man named Jack took me aside and said, “David, I noticed that when you come into our all-hands meeting, you walk straight up to the front row, sit down, open your notebook and are ready to take notes.”

Happy that he’d seen my focus and preparation, I answered, “Jack, thanks for noticing.”

He put his hand on my shoulder and said, “Brother, that wasn’t a compliment.”

Jack explained that when I entered the room and sat down, focused on the meeting and the work, I was not greeting my colleagues and engaging in pre-meeting

conversations. “To us,” he explained, “that comes across as either you don’t like us or you think you’re better than us. And I don’t think that either of those is true — I just don’t think you know any better, so I wanted to tell you.”

It was an early lesson in cross cultural leadership, and I am so grateful for Jack having that conversation with me.

CROSS CULTURAL LEADERSHIP CHALLENGES

Recently, we were working in the Philippines when a leader asked me (Karin) how to help their team speak up with ideas or identify problems and potential solutions. The heart of their question was a cross cultural leadership challenge. Their team is from a culture that prioritises respect for elders and authority figures and minimizes direct confrontation or criticism.

We’ve had many leaders, managers and clients around the world approach us with different cross cultural leadership challenges, including:

• “In my culture, we need sound and music to do our best, but my office is silent as a graveyard. It’s so depressing and hard to feel energy for anything.”

• “I don’t “care” or want to be friends with my team. Culturally, this does not work for me.” (This leader WAS invested in her team’s success—the words “care” and “friend” meant something different for her than they do for others.)

• “In my culture, when someone offers you a favour or food, you decline. They offer again, you decline. They offer again, and then it is polite to accept. But in this country, I must be rude and say ‘yes’ the first time or they stop asking.”

• “When I ask the team for status updates, they tell me everything is good, even when I know it can’t possibly be going well.”

These are just a few examples of the many cross cultural leadership challenges you might face.

THE PRICE OF CROSS CULTURAL CONFLICT

There are so many benefits to leading a cross cultural team (better problem solving and performance are just two examples), but failing to lead intentionally can also cause serious problems, including:

1

Erosion of Trust and Respect

Ignoring cross-cultural challenges can lead to a significant erosion of trust within a team, as team members may feel the team undervalues or misunderstand their backgrounds and perspectives. This erosion of trust undermines team cohesion and can significantly affect morale and productivity.

2

Reduced Innovation and Creativity

A failure to address cross-cultural leadership challenges stifles the creative potential of a team. When team members from various cultural backgrounds don’t feel included or understood, they are less likely to contribute their unique insights and ideas, leading to a homogenisation of thought that can stifle innovation and limit problem-solving capabilities.

3

Increased Conflict and Miscommunication

Cross-cultural challenges often manifest in misunderstandings and misinterpretations, which can escalate into conflicts and ultimately lead to a toxic work environment.

4

Reduced Global Competitiveness

Failing to address cross-cultural challenges compromises your ability to operate effectively across different markets. You can struggle to attract talent, collaborate with partners, and serve your customers.

FOUR DIMENSIONS OF CROSS CULTURAL LEADERSHIP

There are four dimensions of team collaboration that will help you lead cross culturally and bring out the best from your team.

CONNECTION

We

Leadership is a relationship, and that’s never truer than when you lead a team of people from different cultures—especially when their culture is different from your own.

Building that relational knowledge for yourself and everyone on your team will help prevent misunderstandings and give you a platform to bring out the best in your team.

There are many ways to build cross cultural connection, but you don’t want to leave it to chance. People will certainly learn about one another slowly over time, but why wait?

Facilitate sharing and model with your listening and learning. The time you invest up front to help a crosscultural team connect and understand one another will pay huge returns in saved time and innovation. Here are a few activities you can incorporate into your meetings to help build connection (these should be shared activities where everyone can participate, with you leading by example—avoid pressuring one person to educate a group about their culture):

• How do you… – Invite your team to pick a different subject from time to time – for example: How do you offer to do someone a favour or food? Politely say “no”? Celebrate birthdays?

• Colourful metaphors – Invite team members to think of a fun or colorful metaphor, cliché, proverb, or saying that they grew up with and then explain its meaning. (A favourite of ours we learned from our Swiss clients is “Put the fish on the table.” It means “have the conversation about the uncomfortable subject.”)

• Myth-busting – Invite team members to share one myth or stereotype that they believe people sometimes think about their culture. Then they ‘bust the myth’ by clarifying the reality as they know it.

After connection, curiosity is a vital dimension of cross cultural leadership. An attitude of learning, flexibility, and ability to look at issues from different perspectives will help you bring your team together. This means approaching your leadership and coaching with questions and seeking genuine understanding.

One of the most important aspects of leading with curiosity is to avoid judging and instead ask, “How can we?”

For example, you might be tempted to judge a team that prizes respect for authority and think, “They won’t ever tell me the truth and I can’t count on them.” That attitude limits your creativity and automatically puts you in opposition to your team.

Instead, asking a “How can we?” question will help you reframe the challenges your team faces.

One practical application is to ask, “How can we reframe this issue in terms that support, rather than erode, cultural norms?” For example, if you have a team member who prizes peaceful coexistence or deference to authority and doesn’t speak up with problems they observe, you can reframe the issue as one of peace or respect for authority. For example:

“In our team, the best way to create peace or to show respect for your teammates or leader is to bring up issues which can cause us harm.”

Clarity

As you build connections and learn one another’s styles and cultural preferences, the next dimension to help you lead a cross cultural team is clarity.

Specifically, you want to invest in clarity about the culture of this team or organisation. This is an open discussion about the norms and ways in which the team will operate. The goal is to define (and continually redefine) a shared culture.

This starts with your mission and values. What are you here to do? How will you commit to doing that work with one another? Two of the most important clarity conversations you can have about values are:

• “What does this look like in practice?”

• “What do we do when these values conflict with one another?”

Ask these two questions regularly. Share your own stories. Occasionally, invite other leaders or executives to share their stories and examples. If culture is “what people like us do,” then story-telling is the engine that drives your team’s culture.

Commitment

We have a clear agreement. 4

The final dimension of your cross cultural leadership is to make it all happen. Commitment is the alchemy that transforms the Connection, Curiosity, and Clarity into performance. There are three aspects of commitment that will carry your team to new heights.

Practice

It takes time to build a new culture, to incorporate our understanding and new relationships, and to learn how to reframe cultural values for team performance. You will have missteps and misunderstandings. Use these as opportunities to circle back to connection and curiosity and build new clarity. Practice your team norms and values when the stakes are low.

Celebrate

As you build a new culture together, watch for moments of commitment. When someone recognises their teammate’s values, celebrate. When a normally silent teammate raises their hand, encourage them. Build in time to “look down the mountain” and see how far you’ve come as a team – what understanding do you take for granted now that was very different ten months ago?

Use Yourself for Accountability

Often, one of the more challenging aspects of cross cultural leadership is building a culture of accountability. And one of the most effective ways to create the psychological safety and model what success looks like is to use yourself as the subject of accountability.

For example, when you don’t follow through on your word (even if it’s for a justifiable reason), and someone mentions it, stop everything and celebrate. That’s a huge moment and exactly what needs to happen! And if no one says anything, ask your team if they noticed your dropped ball, and use it as a moment to invite their accountability. You can even use the moment to practice using the specific words. For example, “I noticed that we don’t have what you mentioned.”

When you help people practice accountability ON you and celebrate when they do, you make it safe for everyone to learn, grow, and practice accountability with each other.

YOUR TURN

Cross cultural leadership is a wonderful opportunity to expand your influence and build higher performing teams who solve problems creatively. You’ll get these results when you invest in Connection, Curiosity, Clarity, and Commitment.

And, we’d love to hear from you—what’s one of your most effective approaches for leading diverse teams and helping everyone succeed together?

This article was first published on Let’s Grow Leaders

KARIN HURT

Karin Hurt helps human-centered leaders find clarity in uncertainty, drive innovation, and achieve breakthrough results. She’s the founder and CEO of Let’s Grow Leaders, an international leadership development and training firm known for practical tools and leadership development programs that stick, and the author of four books including Courageous Cultures: How to Build Teams of MicroInnovators, Problem Solvers and Customer Advocates.

DAVID DYE

David Dye helps human-centered leaders find clarity in uncertainty, drive innovation, and achieve breakthrough results. He’s the President of Let’s Grow Leaders, an international leadership development and training firm known for practical tools and leadership development programs that stick. He’s the author of several books including Courageous Cultures and is the host of the popular podcast Leadership without Losing Your Soul.

THE GUILT-FREE MORNING ROUTINE: A MORE WORKABLE WAY TO START THE DAY RIGHT

REALISTIC MORNING ROUTINE STRATEGIES FOR SUCCESS AND WELL-BEING

If you listen to self-help podcasts, audiobooks, or thought leaders, you’ll soon find one suggestion in almost all of them: develop a morning routine. The morning routine is designed to make us feel good and ready for the day ahead, but in reality, it can accidentally make us feel bad about ourselves.

As we sit at the feet of these high performers, we hear about the myriad morning activities they engage in daily, which include meditation, morning walks, getting sunlight, exercise, journaling, reading spiritual literature, writing gratitude lists, taking ice-cold showers, and drinking salt water (not kidding).

“Morning routines” at this scope sound inspiring but are also guilt-inducing and practically impossible for most people.

What’s not often highlighted is that many of these morning routine celebrities are younger men who work for themselves and don’t have kids. As a result, their advice sometimes feels disconnected from the realities of people waking up to toddlers or teenagers or people heading to early morning jobs with bosses and time clocks. I once wrote out everything I wanted to do in an ideal morning routine, and it required two and a half hours. Who can do that?

Another interesting aspect of the omnipresent morning routine advice is its clash with another widely advocated wellness pillar: sleep. There are books, gadgets, apps, classes, and of course, TED talks about sleep. Why? We’re learning that sleep is central to almost everything we value in our mental and physical health, from cancer prevention to longevity to memory enhancement. And for children (and the rest of us), it’s the starting point for emotional regulation, learning, good moods, and the general calm every family and home needs. It’s puzzling then, that many morning routine recommendations involve setting a 4:30 or 5 am alarm. What’s a conscious individual to do when caught between these two priorities?

I’m a firm believer in some form of morning routine. I resonate with Tim Ferriss’s rallying cry: “Seize the morning, seize the day.” That’s what I strive for, albeit imperfectly.

The routines I practice and promote are simple, flexible, super realistic, and based on the principle of “good enough.”

Here are three approaches to your own morning routine that might better serve you:

Option #1: The PM-Prep Routine—Prepare everything for your day the night before to free up more time each morning so that whatever you do plan has a higher chance of happening.

Option #2: The Accordion Routine—Create a list of activities you commit to, doing them in the same order daily but with durations that vary based on available time. For example, on a leisurely day, I might get in a 45-minute workout, but on a hotel day before an event, 5 minutes of yoga in the room might have to suffice.

Option #3: The Daily-Design Routine—Choose from a short list of activities you know and like, doing some and skipping others, depending on the time you have each morning. Some days I meditate and some I walk and some I read inspiring literature, but I may not always do the same routine.

Here is the ultimate key: begin each day with intentionality. Do that in any form, and you win

As you contemplate your morning routine, remember that the wonderful meditation teacher Dan Harris says he fulfills his commitments daily-ish. I think “daily-ish” is a perfect goal. Yes, start each day with a moment of clarity, but in a way that sets you up for a feeling of success.

This article was also published on Juliet Funt’s LinkedIn

JULIET FUNT

Juliet Funt is the founder and CEO at JFG (Juliet Funt Group), which is a consulting and training firm built upon the popular teaching of CEO Juliet Funt, author of A Minute to Think.

Embracing the Brain Update “

Thriving in an AI-Dominated World

As artificial intelligence (AI) continues to infiltrate nearly every corner of our lives, many are left pondering the future. Will machines inevitably surpass humans?

Are we about to be burnt by AI?

– Dr. Justin Cohen

Recently, I had the opportunity to discuss this very topic with Dr. Justin Cohen, author and futurist, when he visited our office to promote his thought-provoking book, What the Future – 7 Updates to Thriving in an AI World.

Dr. Cohen’s exploration of this topic stemmed from a very personal experience. As an author, coach, consultant, and speaker, he faced a moment of existential threat. With the rise of AI tools like ChatGPT, he began to question his own value and place in society. Seeking guidance, he even asked ChatGPT, “How can I maintain my self-worth?” The response will blow you away, “You are more than the tasks you perform,”. This response sparked a profound realisation: this is the fundamental difference between humans and AI. While AI excels as a tool, humans possess a depth of consciousness that transcends mere task completion.

Understanding

“

the Human Advantage

New technology does not replace humans as much as it replaces humans who don’t use new technology

– Dr. Justin Cohen

So how can we capitalise on these challenges, and leverage on new opportunities

like AI?

Cohen’s central argument is that humans don’t simply need to adapt to an AI-dominated world, they need to fundamentally upgrade their brains to thrive. This software update or “brain update” is not about merging with machines, but about fostering a set of core skills and attitudes to help us navigate the turbulent waters of the AI revolution.

Before outlining his ‘updates’, Cohen dissects the very nature of what makes us human. The ability to innovate, feel empathy, understand nuance, and exhibit consciousness are just a few of the characteristics that set us apart from even the most advanced AI systems. While AI excels at tasks that are structured and datadriven, humans retain a distinct advantage in creativity, emotional intelligence, and abstract reasoning.

But for humans to retain their edge, they cannot afford to become complacent. Cohen stresses the concept of a ‘growth mindset’—the embrace of lifelong learning. In a world where knowledge is rapidly evolving, humans must become continuous learners, embracing discomfort and venturing beyond their intellectual comfort zones. Neuroscience backs this up; our brains remain plastic, constantly forming new neural connections, and challenges promote this growth.

7 Essential Updates

Cohen introduces seven critical updates centered around taking personal responsibility, fostering positive mindsets, and optimising mind and body alike:

Agility. Leading change means becoming a continuous learner who actively seeks out new knowledge and skills while embracing discomfort as a catalyst for personal growth.

“When it comes to agility, there’s another bug in our operating system: our resistance to discomfort

- Dr. Justin Cohen

Cohen inspires readers to embrace challenges and step outside their comfort zones, whether it’s by learning a new skill, striking up conversations with strangers, or even pushing themselves physically with a marathon.

Personal Responsibility. We can’t always control external events, but we can control our response. This includes carefully curating our digital environments and consciously choosing information sources rather than passively scrolling through algorithm-fed content. Round the clock connectivity can turn us into slaves of our phones.

“

Let’s just make sure we’re in control, not the apps

- Dr. Justin Cohen

Positivity. Positivity doesn’t mean expecting to get the best of everything. Whilst Cohen has been teaching the virtues of positivity, science shows that our brains are wired for negativity, that is, our brain is prone to more negativity that to positivity. Why are we faster to single out a frowning face than a smiling crowd? Have you noticed that? Dr. Cohen urges us to overcome this bias by practicing gratitude, to appreciate what we have to seek out the positive aspects of challenging situations.

“

The brain needs an update. We need to actively cultivate more positivity, particularly in an age of exponential change when so much is uncertain

- Dr. Justin Cohen

“

The story of human progress is the story of connecting with and learning from one another

- Dr. Justin Cohen

7.0 Update

Physiology. In our rapidly changing world, managing stress takes center stage. While some stress is essential for focus, creativity, and action, unchecked stress can quickly spiral into debilitating anxiety. Understanding that stress fuels performance only up to a point is crucial; beyond that threshold, our abilities and well-being begin to suffer. Managing stress through breathing techniques, exercise, and reframing events as exciting rather than threatening is vital for mental clarity.

Update 5.0 Update

Purpose. Discovering our ‘why’ provides a guiding light when navigating challenges. Purposedriven individuals are shown to be more resilient and experience greater well-being.

Studies reveal a fascinating connection between stress and altruism: individuals who consistently help others demonstrate remarkable resilience, with no increased risk of stress-related health problems. So, the next time you feel overwhelmed, try reaching out to someone in need – it might just be the best antidote for your own stress.

“Hug someone. Help someone. Seek or give social support

- Dr. Justin Cohen

Performance. Knowledge without action is useless. Each step towards a better future requires turning new information into habits — effectively rewiring our brains for consistent action that drives our goals.

The Path to Thriving

Dr. Cohen’s book “What the Future - 7 Updates to Thriving in an AI World” offers a sobering, yet ultimately optimistic view of the future. AI poses both potential threats and incredible opportunities, and it’s up to humans to choose the direction they want to take. By understanding our unique strengths, taking charge of our mental and physical well-being, and embracing these new ‘brain updates’, we can not only survive but also truly thrive alongside the machines we have created. Are you ready to update your software to embrace the changes, or will you be left behind? Have you taken steps to prepare yourself for the future and the changes Dr. Cohen outlines above?

How you decide to live and thrive in this world depends on you!

KIRAN TULJARAM

6.0 Update

People. Human connections are essential. Cohen stresses that even in a tech-saturated world, our most significant achievements and support systems arise from collaboration and community, like the wellknown saying in South Africa – ‘A person is a person because of other people’.

Kiran Tuljaram, the Lead Editor at Leaderonomics, brings a wealth of experience to her role. With a background as a trained lawyer, she dedicated nearly a decade to the banking industry before embarking on her entrepreneurial journey. Following her tenure as a Legal Manager at a bank, Kiran founded and successfully ran multiple businesses, including the establishment of her own fashion accessories label. Balancing her entrepreneurial endeavours, Kiran is also a devoted mother to three girls. Her varied background in banking, motherhood, employment, occasional social work, and managing director in her business has provided her with invaluable insights and a unique perspective on the critical importance of leadership within organisations.

Cybersecurity For Boards & Senior Leadership: Exploring the MGM Hack

PROTECTING DIGITAL FRONTIERS: LESSONS FROM MGM’S CYBERATTACK AND THE FUTURE OF CYBERSECURITY TECHNOLOGY

In an age where digital transformation accelerates, the spectre of cyber threats shadows every stride we make towards progress. The past 18 months alone have witnessed an unprecedented wave of cyberattacks, marking a new era of digital vulnerability. IBM’s 2023 Cost of a Data Breach Report illuminates this dark landscape, revealing an alarming average cost of $4.35 million per breach, a figure that has climbed steadily over the past five years. Yet, it’s not just the financial haemorrhage that startles; it’s the brazenness and sophistication of these attacks, underscored by incidents like the Colonial Pipeline shutdown, which reverberated through the energy sector, causing widespread fuel shortages and public alarm. These are not isolated incidents but rather harbingers of a systemic challenge, exposing a glaring gap between technological advancement and cybersecurity preparedness.

Despite a relentless surge of high-profile cyberattacks over the past 18 months – costing companies billions and severely disrupting operations – there remains a startling lack of cybersecurity understanding and prioritisation at the board and senior leadership levels. According to a recent KPMG survey, 55% of CEOs admit they are not fully prepared for a potential cyberattack, while a Deloitte report indicates that only 12% of board members feel highly knowledgeable about cybersecurity risks. This disconnect between the escalating threat landscape and insufficient leadership focus, exposes organisations to potentially devastating consequences.

In this digital age, cybersecurity transcends merely an IT concern, evolving into a critical business imperative. The recent cyberattack on MGM Resorts

in September 2023 starkly underscores this reality, serving as a harrowing reminder for C-suite leaders about the paramount importance of safeguarding digital frontiers. This article aims to dissect the MGM cyberattack, providing insights and actionable lessons for executives to fortify their cyber resilience.

The Incident: A Closer Look at the MGM Cyberattack

MGM Resorts, a titan in the hospitality and entertainment sector, fell victim to a sophisticated cyberattack attributed to factions believed to be the Scattered Spider group and the notorious AlphV/BlackCat ransomware gang. These attackers, employing cunning social engineering tactics, tricked unsuspecting employees into compromising the system’s security. The breach led to significant operational disruptions: casino floors saw partial shutdowns, ATMs and slot machines faltered, and the digital lifeline for reservations, the online booking system, was rendered inoperative.

In the aftermath, a grim revelation surfaced — the theft of sensitive customer data, including names, contact information, and in more severe instances, Social Security numbers and passports. The financial toll on MGM was staggering, with estimated losses hovering around the $100 million mark. How did such an attack take place?

Based on available information, here what we were able to piece together:

1. Social Engineering: The Scattered Spider group started the hack by targeting MGM employees, likely through LinkedIn or other social platforms. They gathered information to craft a convincing phishing attack or phone scam, posing as a legitimate entity (e.g., IT support). The employee fell for the trick and divulged credentials or allowed remote access.

2. Initial Infiltration: The hackers used compromised credentials to enter MGM’s network. They likely moved laterally and searched for weaknesses in security protocols.

3. Privilege Escalation: The hackers focused on acquiring elevated access. This could have been through exploiting software vulnerabilities or using brute-force techniques to crack passwords. With higher-level access, they could move more freely in the system.

4. Credential Harvesting: Hackers obtained credentials from domain controllers and tools like the Okta sync server, giving them access to other employees’ accounts and systems.

5. Data Exfiltration: Over time, the group collected terabytes of sensitive customer data, including names, contact information, IDs, and potential financial records. The data was quietly syphoned out of the network.

6. Deployment of Ransomware: Believed to be executed by the AlphV/BlackCat group, the ransomware was deployed across MGM’s systems, encrypting files, and disrupting operations. This is when the attack became fully visible.

Below is a graphical flow of the possible attack at MGM:

While this was happening, you may wonder why the MGM Cyber team did not intervene. Part of the reason could be that they might have missed the following:

• Training: Employees weren’t sufficiently trained on recognizing social engineering tactics. A single employee compromised the entire network and sometimes there may not be awareness that a single employee compromised could enable hackers into the network.

• Patching Vulnerabilities: The hackers likely exploited known software vulnerabilities that MGM hadn’t patched quickly enough.

• Network Segmentation: Inadequate network separation allowed hackers to move laterally once inside the system. Properly segmented areas could’ve limited damages.

• Multi-Factor Authentication: If it wasn’t present everywhere, or could be bypassed, it left critical systems vulnerable.

• Monitoring and Detection: Systems may not have generated sufficient alerts or logs to catch the initial intrusion, allowing hackers to operate discreetly.

It is possible that MGM’s cybersecurity team did everything right, and the hackers still got through. Cyber defences are never foolproof. Hackers are constantly adapting and becoming more sophisticated.

The MGM attack emphasizes that cyber threats are constantly evolving and that even large companies with substantial resources can be vulnerable. It’s critical for businesses to continuously invest in security (leverage new cybersecurity technology like SSHepherd etc), train employees, and maintain a proactive, multilayered defence strategy.

Unpacking the Lessons

The narrative of MGM’s breach is but a single thread in this vast, intricate tapestry of cyber insecurity that stretches across industries and borders, compelling us to confront an uncomfortable truth: in our digital fortresses, the gates stand wide open. The MGM cyber saga is replete with lessons, each a cornerstone for crafting a robust cybersecurity strategy. Here are pivotal takeaways and strategies for C-suite executives:

# The Social Engineering Threat

The MGM attack accentuates the peril of social engineering. These schemes, leveraging psychological manipulation, prey on human vulnerabilities to breach security.

Actionable Insight: Organizations must prioritize training programs that empower employees to recognize and thwart such attacks. Incorporating regular drills, security briefing and awareness sessions can significantly mitigate this risk. The costs of training employees and senior leaders to be able to identify red flags fast, would far outweigh the potential losses from a threat materialised

# The High Cost of Data Breaches

The financial ramifications of the MGM breach are a stark reminder of the economic stakes involved. Beyond the immediate financial losses, the reputational damage and erosion of customer trust can have long-lasting consequences.

Actionable Insight: Investing in advanced cybersecurity measures is not an expense but a safeguard against potentially crippling financial and reputational fallout. New stealth-based cyber security technology like SSHerpherd and other technology that is far more advanced, is worth investing into

# The Imperative of Transparency

MGM’s approach to promptly disclose the breach was commendable. In times of crisis, transparency becomes a pivotal trust-building tool with stakeholders.

Actionable Insight: Develop a communication strategy that ensures swift, transparent, and honest disclosure to affected parties, reinforcing trust and commitment to customer protection.

Strategic Cybersecurity Enhancements

C-suite leaders must view cybersecurity through the prism of strategic business resilience. Here are key strategies to bolster defences:

1. Robust Cybersecurity Solutions: Deploy stateof-the-art stealth-based cybersecurity software, firewalls, intrusion detection systems, and encryption protocols. Regularly update these defences to outpace evolving cyber threats.

2. Incident Response Planning: Craft a comprehensive cyber incident response plan detailing swift and efficient actions to minimize damage. This plan should be regularly updated and rehearsed with key stakeholders.

3. Regular Security Audits: Conduct periodic security assessments to identify vulnerabilities. These audits should inform the continuous evolution of security measures.

4. Fostering a Security-conscious Culture: Cultivate an organizational ethos where every employee is a cybersecurity sentinel. Regular training and awareness initiatives can reinforce the importance of vigilance and responsibility.

Conclusion: A Call to Action

The MGM cyberattack narrative is a clarion call for C-suite leaders to recalibrate their cybersecurity strategies. In an era where digital threats loom large, the imperative to protect digital assets and customer data is paramount. By embracing the lessons from MGM’s experience, leaders can not only shield their enterprises from similar fates but also foster a culture of resilience and trust that stands as a bulwark against the cyber threats of tomorrow.

In the journey towards cybersecurity excellence, the MGM case study is not just a cautionary tale but a blueprint for strategic action. The saga of the MGM cyberattack transcends a mere cautionary tale; it heralds a pressing imperative for boardrooms across the globe. In an era defined by digital threats that are as pervasive as they are pernicious, the stewardship of cybersecurity is not just a matter of technical diligence but a cornerstone of strategic leadership.

This is a clarion call for board members to pivot from passive oversight to active engagement in cybersecurity governance. The stakes transcend financial loss, reaching into the realms of trust, reputation, and long-term viability. As leaders, the urgency to fortify our digital domains against the spectres of tomorrow demands more than mere acknowledgment—it requires a wholesale cultural shift towards cyber resilience.

Let the lessons of MGM serve as a stark reminder and a rallying cry: to invest in cybersecurity is to invest in the very scaffolding of our future prosperity. It’s time to marshal our collective resolve, resources, and ingenuity to erect defences as robust as the threats are relentless and adopt new technology that enables your critical servers to be protected.

The journey toward cybersecurity excellence is fraught with challenges, but for those willing to lead, it offers the invaluable prize of safeguarding our digital age. The time for action is now. For C-suite executives and board leaders, the message is clear: the time for robust, proactive cyber defence is now. Let this incident be a catalyst for change, spurring us to adopt a more vigilant, informed, and strategic approach to cybersecurity.

ROSHAN THIRAN

Roshan is the Founder and “Kuli” of the Leaderonomics Group of companies. He believes that everyone can be a leader and “make a dent in the universe,” in their own special ways. He is featured on TV, radio and numerous publications sharing the Science of Building Leaders and on leadership development.

DANNY KIM

Danny Kim is the Founder and CTO of FullArmor Corporation. He is also the CEO of CyberArmour, who are distributing the SSHerpherd Cybersecurity solution. Danny is a recognised industry expert on Enterprise Security, Active Directory, Datacenter Automation, and Cloud Computing. Danny has helped more than 30 Fortune 100 companies, including Bank of America, Boeing, and Wal-Mart, design and deploy their Security Policy, Datacenter, and Cloud based infrastructures. He has also architected and developed several leading cloud security management products which have been licensed by Microsoft, NetIQ, Citrix, HP, Sony, Toshiba and others. Danny holds a BS in Computer Science from Cornell University. Danny is currently conducting Security Briefings for boards and C-Suite executives around the world.