A detailed analysis of the activities of the Lapsus$ hacking group by the Cyber Safety Review Board shows that a focus on the basics and better usage of IAM and MFA technologies are highly effective defenses.