Locked Up: Cybersecurity Threat Mitigation Lessons from a Real-World LockBit Ransomware Response
Author(s): Lewis, Zachary
ISBN No.: 9781394357048
Pages: 288
Year: 202601
Format: Trade Paper
Price: $ 55.20
Dispatch delay: Dispatched between 7 to 15 days
Status: Available (Forthcoming)

Foreword
Introduction: The Attack

Part I: Leading to the Attack

Chapter 1: A New Breed of Criminals
  A History of Encryption; A Perfect Storm; Ransomware-as-a-Service (RaaS); The Rise of LockBit; LockBit Begins; LockBit 2.0; Pitch Black: LockBit 3.0; A Bug's Life; Cybercrime Inc.; A Series of Unfortunate Exploits; CyberCon Air; The Silicon Giant; Big Trouble in Little China; You've Got Royal Mail; The Bank Job; The FBI Strikes Back; LockBit: Resurrections; LockBit: Endgame; References

Chapter 2: Easy Prey
  Higher Ed and the Internet; From Openness to Exposure; Special Challenges of Higher Ed; Creative Solutions; Changing the Culture; Case in Point: Michigan Medicine; Digital Museums; Data Goldmines; The PII Pipeline; Prime Data, Prime Targets; A Sector Under Siege; When Learning Gets Locked Down; References

Chapter 3: Cybersecurity at UHSP
  Infrastructure Background; Into the Cloud; A Crisis of Connectivity; Securing Email; Attack Preparedness; Bringing Leadership into the Fold; Assessing Our Risks; The Attack; From Outage to Incident; Turning to Incident Response; Calling in the Experts; Iron Sharpens Iron; Into the Fire

Part II: Responding to the Attack

Chapter 4: The Leadership Response
  Dialing into Disaster; Working the Night Shift; Assembling the War Room; Digging for Answers; April's Fool

Chapter 5: The War Room
  The Files We Forgot; A Last Hope; Active Recovery; Getting to Work; Public Relations

Chapter 6: Countdown to the Data Dump
  Breaking News Kind Of; We Scheduled This Chaos, Actually; Ransom, Now 50 Percent Off; The Data Drops

Part III: Recovering From the Attack

Chapter 7: The Data Dump
  Reviewing the Files; Million-Dollar Bargain Bin; Notifying the Impacted Parties; Location, Location, Legislation; Looking Back and Forward

Chapter 8: Strengthening Security Post-Attack
  The MOVEit Cybersecurity Crisis: Breached by Association; Transparency at the Top; Recognizing Our Failures and Weaknesses; Identifying Our Successes; Security Posture and Progress; Graded on a Curve; Making Friends in Federal Places; Lessons You Only Learn the Hard Way

Chapter 9: Reflections and Lessons Learned
  Backups; Incident Response Planning and Tabletop Exercises; Cyber Insurance; Communication; Third-Party and Supply Chain Vulnerabilities; Passwords and Credentials; Wrapping Up

Part IV: What Organizations Can Do

Chapter 10: Building a Resilient Cybersecurity Program
  Knowing What You Have; Mapping Applications and Vendor Access; Why All This Matters; Picking a Framework; Implementation Groups (IGs); Control Categories; Understanding the Business; Get Executive Buy-In; Shaping Policy and Culture; Documenting Everything; Processes and How-Tos; Incident Response Plan; Backup and Recovery Plan; Cybersecurity Strategy; Environment and Infrastructure; Handling Regulation Concerns; Enlisting Outside Help; Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs); Government Resources; InfraGard Membership; Industry Conferences and Local Groups; Insurance; What's Next; Reference

Chapter 11: Implementing Strong Technical Controls
  Multifactor Authentication (MFA); Endpoint Detection and Response (EDR); Backups; Patching; Email Protection; Encryption; Security Information and Event Management (SIEM); Microsoft; What I Didn't Cover; References

Chapter 12: Responding to a Cyberattack
  The First 24 Hours; Negotiation and Law Enforcement Involvement; Reputational Implications; Negotiating; Forensic and Root Cause Analysis; Regulatory Reporting and Legal Considerations; Public Relations and Rebuilding Trust; Long-Term Recovery and Continuous Improvement; References

Epilogue: The Calm We Earned
Appendix: Cybersecurity Onboarding Checklist: A 30-60-90-120-Day Plan
Acknowledgments
About the Author
Index

