In security response, practice makes perfect

02.10.2012

Assuming the adversary makes it in, the question remains: How long after a breach occurs can the organization remediate and prevent further damage? This is where response becomes critical. And whether it's done properly can make or break the bank. The response process can be broken down into four components:

- Know you've been compromised

- Get back online quickly

- Stop the spread

- Detect the adversary (required) and track them down (optional)