How do we react to a data breach? Do we try to limit the damage of a breach once it occurs? Do we track down evidence of the who, what, when and where of the breach? Do we have a plan that alerts specific security teams? Do we execute a remediation plan to recover our breached data? Or do we do none of these, hope for the best, pay and lick our wounds?
I came across the “assume breach” mindset about 8 years ago or so. I was taking my first steps in the world of cyber security. I’ve always operated under an assumption about how big the possibility was that one of my customers would be breached. Well… that assumption changed over the years. It turned out that it would be more of a “when would my customers be breached” question.
This change of thinking was fed by the ever-changing landscape of cyber threats. It’s just a matter of time before your network is breached, or maybe it has already been breached but you don’t know it. It’s even harder when you know that all the current security, compliance and privacy policies are developed with an on-premises mindset.
All the cyber security prevention strategies and technologies in the world can’t guarantee you’ll be safe. Companies of all kinds must realize that their security infrastructure is not 100% foolproof, whether they are multi-billion dollar companies or the grocery shops in your local neighborhood. Motivated hackers will always find a way to penetrate your network’s perimeter. To me this is a “prevention-only” focus. This focus is no longer enough, in my opinion.
This is where the “assumed breach” mindset comes into play. It’s an adversary mindset that helps you make security investments, make design decisions and facilitate operational security. Assuming that you have been breached drives a different approach to how you apply your security measures.
Do you want more information on how to apply an “assumed breach” mindset? Don’t hesitate to contact me either through DfendIT or through Lexit.