A report released by the Cyber Safety Review Board (CSRB) in 2023 (Report) framed five critical spheres for cybersecurity improvement based on weaknesses leveraged by Lapsus$ during attacks carried out in 2021 and 2022. Organizations can use this checklist derived from the Report, and incorporating related commentary from Manatt partner Paul H. Luehr, to strengthen measures in areas the Report highlighted, including identity and access management, building resilience, mitigating third-party risk, mitigating telecommunications vulnerabilities and addressing law enforcement challenges. For in-depth coverage on the Report, see our two-part series “CSRB Report on Lapsus$ Attacks”: Key Takeaways and Law Enforcement Cooperation (Sep. 20, 2023), and Moving Beyond MFA, Building Resilience and Mitigating Third-Party Threats (Sep. 27, 2023).