We can learn much from each significant breach. In this book, we go through multiple unique breaches and look at what harm was done. Were assets damaged or taken offline? Was data stolen or ransomed? Was it released or weaponized, offered on the black market or used for internal purposes by the cybercriminals? What methods were used in the attack? What vulnerabilities were exploited? We won’t be dwelling on the technical capabilities of the bad actors or the technical shortcomings of the victims, but in each case, there were controls that could have been in place that might have allowed the victims to mitigate, at least to some extent, the impact of the attack. We’ll look at how these controls are best deployed, how their effectiveness should be measured and how deploying these controls helps you create a healthier security posture and, at the same time, demonstrate compliance with myriad control regimes.

With boards increasingly asking “Can this happen to us?”, it is essential that operations, information technology, security and audit address any gaps you find as you test yourselves against the same attack scenario.