The Eight Irari Rules:
The malware used should have been detected.
The attack exploited vulnerabilities where a patch was available.
Multifactor authentication was not in use on critical servers.
Static passwords were used in attacks on critical servers.
If phishing was involved, there was no awareness program in place that went beyond phishing simulations and computer-based training.
Detection mechanisms that could have stopped the attack in progress were not in place or were ignored.
There was poor network segmentation that allowed the attackers to jump from low-value networks to critical systems.
User accounts that were compromised had excessive privileges.