I’d bet my salary that your company has been breached. Which is not ironic, because you’re betting your salary, i.e., your job, if you think otherwise.

It’s been famously said that there are only two types of companies: those who know they have been breached, and those who don’t know it yet.

Here is what you’re up against (not good odds):

Those who hack for sport: Don’t bet that you’re smarter than everyone else, that your design, implementation and configuration are error-free. Hackers take that as a personal challenge to prove you wrong.

The APT: A determined nation-state-like organization with time and resources available.

Equipment failures: Strong security measures that stop working correctly during unusual conditions (e.g., power failures or hardware failures).

Insider threat: Imposters working for someone else, bitter personnel on their way out or “activist” employees.

Criminal elements: Those motivated by the almighty dollar, at your expense.

Accidental compromises: Due to the fallibility of the humans who use and operate the network.

“How can you be so sure?” is the question I sometimes get when speaking on this topic. But decades of experience breaking other people’s toys, helping to protect our own and looking at my own broken toy parts have taught me otherwise. Their question is actually an attempt at reassurance in a time of intensifying security uncertainty.
It is a Hail Mary pass in hopes that never-ending reports about security breaches aren’t guaranteed to decimate their data, exploit their users’ personal information, steal what is proprietary and confidential, and leak sensitive secrets.

I would prefer that the question inspired be the far more consequential, “What should we do given that inevitability?”

Segmentation and recovery

An organization that has implemented the fundamentals of segmentation to mitigate the extent of an attack’s damage will find that they have also reaped an additional benefit: a much more efficient recovery.

It’s a truism that counter-breach strategy starts and ends with segmentation. You use it to prevent compromise to begin with, you use it to restrict the scope of compromise when you are indeed breached, and you use it to reconstitute to a fully operational state post-breach.

That’s because access segmentation is essential to the more advanced cybersecurity protocols of failure recovery, visibility and inspection. So not only will implementing the fundamentals prevent threat actors from stealing or destroying the organization’s most valuable assets – it will also create a network that can safely return to normal operations with far less cost, loss, disruption and downtime.

Simply put, no matter how sophisticated its execution, “clean up on aisle 9” is not a very strong or satisfying cybersecurity posture. And it is definitely not an effective one.

5 steps for dealing with a breach

Even the most innocuous threat actors (a term as oxymoronic as it is Orwellian)—those more motivated by the desire to wreak havoc for havoc’s sake rather than for state-sponsored terrorism or industrial espionage—can leave a dumpster fire where your competitive advantage used to reside.

Here are the five crawl-walk-run things you should do in the face of inevitable breaches:

Create an organizational Incident Response Plan, and exercise it.
An IRP plots different scenarios and provides a playbook to follow when a breach occurs. Each breach is different, and there is no cookie-cutter approach, but speaking euphemistically, you don’t want to have to learn to fly the plane or fix the engines in a time of crisis.

Execute the security doctrine of macro and micro segmentation. Give access to systems and data to those who need it, but no one else. Whoever first said, “Don’t put all your eggs in one basket” was a cybersecurity visionary. Better yet, practice agile segmentation, a strategy enabled by cutting-edge firewall products, which grants and retracts access according to need in real time. It’s not only better for security, but it actually increases business productivity by enabling great collaboration without fear.

Regenerate from a known secure state. Post-breach, you still need to be able to regenerate to a known secure state. If you are waiting for an attack to serve as a wake-up call, it will be extraordinarily difficult to recover from it (especially from an APT, whose middle name is “persistent”). To confidently recover from a breach, ensure you have a pristine version of your operating systems and configurations for your security architecture. This is the “gold copy” of your security system that is stored securely offline. From that secure beachhead, you can get your other operating systems and applications up and running.

Measure and adapt to changes in your resiliency risk. Agile segmentation, team-oriented cybersecurity strategy over a security fabric and the cloud have made the security concept of auto-resiliency a reality. Today, in the IT world, we measure the reliability of our networks (“How many .9s of reliability do I have?”) and make adjustments. We need to steal a page from that playbook and score (measure) the quality of our resiliency posture in real time.
A resiliency score will allow you to stay “left of boom” (take actions before a bad thing happens) by, say, clamping down on segmentation, isolating and auditing a suspicious access point, blocking an application’s access to the data center, or spinning up new capacity in the cloud.

Auto-regeneration. For the inevitable time when you find yourself “right of boom” (i.e., you were breached), use centrally orchestrated micro and macro segmentation to effectively navigate an attack’s aftermath to regenerate, via orchestration, to a known secure point, to return to normal operations quickly and automatically. Since the goal of any threat actor or adversary is persistence—their efforts are meaningless if simply shutting down a system will stop them—they go to great lengths to ensure that they will still be able to maintain the compromise even after a system has been reconstituted. Auto-regeneration, from a known pure platform, has the potential to turn weeks of downtime into minutes.

In a digitally driven and increasingly hyper-connected global business landscape, the potential to reach, engage, influence and inform your most critical audiences, stakeholders, strategic partners, customers and collaborators is giving rise to opportunities never before possible. But that reality also reveals a simple new truth: The more you are able to connect with others, the more others are able to connect with you. As threat actors become increasingly dexterous and experienced, that connectivity can be transformed into a tremendous liability for those organizations that fail to view the new digital business realities from all angles.

Those reluctant to take that bet I offered should ask themselves why not. If it is because they doubt the implications of this new business fact of life—or worse, fear them—they may soon realize that they are in fact gambling with something far more valuable than a single paycheck.