How organizations get initially compromised and the cybersecurity fundamentals
The foundation of an effective cybersecurity strategy is what I call the “cybersecurity fundamentals.” A solid foundation is required for a successful strategy. The cybersecurity fundamentals are based on decades of threat intelligence that I discuss in detail later in this book. After performing hundreds of incident response investigations and studying Microsoft’s and other vendors’ threat intelligence for over a decade, I can tell you with confidence that there are only five ways that organizations get initially compromised. After the initial compromise, there are many, many Tactics, Techniques, and Procedures (TTPs) that attackers can use to move laterally, steal credentials, compromise infrastructure, remain persistent, gain illicit access to information, destroy data and infrastructure, etc. Some of these have been around for decades and some are newer and novel.
The...
