Monday, 20 February 2023

Assume Breach

Assume Breach is a mindset, mentality, or group of questions aimed at minimizing the damage of a cyber-attack if one happens.

The original mindset for security is to prevent any outside attack. Assume Breach (AB), on the other hand, looks at a cyber-attack from a different angle: it tells the programmer that the attack will happen and will somehow get through the organization's outer security layers, and then asks a very important question: what will the damage be in that case?

Some will think that we should just make sure a cyber-attack cannot get through the layers instead of assuming it will happen, but the history of cyber-attacks shows that even when an organization adds many strong layers of cyber security, an attack can still somehow get through them.

So AB asks those responsible for the organization's security: assuming someone managed to get through the security, what damage will the organization take? This question generates many others, such as:

  • What critical information will the attacker be able to reach?
  • How much time will it take to undo the damage?
  • Are the access and permissions given to each person reasonable?
  • What will happen when someone gets permission?
  • When will the organization discover the attack?
  • How can the organization monitor its critical information and permissions?
  • Does the organization have a good policy that keeps track of actions and permissions?
  • Can the organization detect strange actions and eliminate their causes?

Nowadays there are many third-party tools that help organizations and make these things much easier. The challenge is that small companies don't think it is worth investing in these tools at the beginning, and as time passes, introducing them becomes much harder.
