In security response, practice makes perfect

We've heard it many times in many forms -- expect to be breached, expect that you've been breached, expect that you are being breached.

Image source: imsmartin
The unfortunate reality is that most organizations don't even know that they've been compromised and therefore don't do anything to block spreading of the malware, control the damage, prevent loss of information, or even recover from the technical problems associated with the compromise.

Assuming the adversary makes it in, the question remains: How long after a breach occurs can the organization remediate and prevent further damage?

Which state is your CU in? Waiting to be breached? Already breached? Don't know? Regardless of the state, you should read the article to learn more about some best practices in response.