The Cyber Resilience Compass 2025
CASE STUDY 8
IMD Business School – A step ahead: Reducing account compromises and minimizing their impact

Account compromise provides cybercriminals with a straightforward method of generating profit. By bypassing traditional security measures such as passwords and multifactor authentication (MFA), hackers can steal sensitive information, including personal details, financial data and log-in credentials. To address this concern, IMD Business School enforces strong password hygiene, number matching and context-based MFA prompts. It also strengthens phishing protection through security awareness training, advanced email filtering and risk-based access controls that block suspicious log-ins.

However, acknowledging that not all compromises can be prevented, IMD Business School has established key damage control measures:

– Limit email exposure: Restrict the number of emails an employee can send within a set time frame to reduce phishing risks.
– Block self-service MFA registration: To prevent attackers from adding their own devices during an account compromise, users must contact IT Support to register new MFA devices.
– Restrict uploads of “IMD Confidential” files: Documents labelled “IMD Confidential” cannot be uploaded to unsanctioned cloud storage or external USB devices. Automatic labelling identifies sensitive files based on patterns such as files including 20+ email addresses.
– Block downloads to personal devices (“bring your own device” – BYOD): Prevents sensitive documents from being saved on unmanaged devices, reducing insider threats and data leaks.

Through its proactive security practices, IMD Business School effectively reduces the number of successful account compromises. Equally important, IMD Business School’s robust damage control measures – restriction of certain functions – ensure that even if an incident does occur, the impact is minimized, safeguarding the organization’s sensitive data and systems.

3.5 Technical systems

Technical systems describe an organization’s approach to designing, deploying and maintaining IT, OT, cloud and cybersecurity tools and controls, whether in-house, outsourced or hybrid. This involves:

– Understanding business prioritization of services
– Using data to prevent and predict incidents
– Implementing technical controls as preventive measures and to minimize the impact of incidents
– Evaluating tooling based on problems, outcomes and organizational context

Examples of front-line practices that organizations are applying:

– CISOs build awareness among the organization’s technical teams of how the business operates, so these teams understand the best ways to protect the most important services and assets. Organizations train technical teams on risk assessments and impact analyses, ensuring that technical staff gain a clear understanding of business priorities and align their security efforts with the organization’s strategic objectives.
– Technical teams use data as a key differentiator in crises to enable faster response, thorough investigation and detection of minor issues before they escalate into major disruptions. This includes collecting and integrating real-time information from various sources and applying advanced analytics and AI models to identify emerging issues early, coordinate responses quickly and prevent minor problems from escalating into much more significant issues.
– Technical teams implement and periodically review hardening techniques, contingent technology and fundamental technical controls to prevent incidents, create redundancy during crises and minimize impact. Those techniques include infrastructure segmentation and segregation, MFA, secure back-ups, log management, leveraging threat intelligence, adherence to standards and consistent cyber hygiene practices.

The Cyber Resilience Compass: Journeys Towards Resilience