This is a good article by Ray Pompon. Having spoken to many organisations over the years I can probably count on one hand the number who believed their networks had NOT been compromised. For those out there who still have that mindset I suggest you read this article.

In summary:

1. The Assume Breach mindset

2. Pick your battles

3. Compartmentalisation

4. Global visibility and rapid response

5. Adapt