Why We Assume Breach

If you have checked out our terminology section then you are familiar with why we assume breach, but if you would rather not leave this fabulous post then we will reiterate our position: “to assume breach is a common refrain in the cybersecurity community. It means that no matter how much you harden a system, or how stringent your security policy is, a motivated attacker will find a way into your systems. So, since you have to assume that you can be breached you have to prepare for that eventuality.”

This may seem like a bleak ideology, and it kind of is, it seems to make to make the whole idea of cybersecurity obsolete because no matter what you do someone will be able to get into your workspace. Fear not, your months, years, or even decades of dedication to the field of cybersecurity have not been wasted. Just because a highly skilled, funded, and motivated hacker can get into your workspace doesn't mean you will have such a campaign target your organization. If you are a small company that has PII or other data that you don’t want to lose then minimizing your attack surface, securing your workspace against script kiddies, and keeping up with training your staff to be wary of phishing attacks, then you should be as protected as you can expect and not be legally liable if/when your workspace is breached (this is not legal advice, as we noted on the home page we are a bunch of dum-dums that did not go to law school).

It is also important to recognize that not all breaches should be measured equally. If one of your users falls for a phishing email and gets their google session hijacked that is a very different breach then if a hacker gets root access to your data server, both are breaches but one may be considered a nuisance if caught early while the other can be devastating. However, unless you neglect your own internal security or are the subject of a targeted hacking campaign by a group funded by a nation state, then the phishing email breach is much more likely.

So don’t attempt to craft a workspace that cannot be hacked, and if anyone tells you that they can they are probably a vendor that is selling something. Simply remember this, all a hacker needs to breach your workspace is to find one mistake that you have made, which means that you and your cybersecurity team need to be perfect, and we believe that perfection is impossible, thus we have to assume breach. Secure your most sensitive data as best you can and have systems in place to be able to identify a breach as it occurs, have a plan to contain the damage, and be ready to recover your workspace and data while knowing how to maintain business continuity.