In security response, practice makes perfect

02.10.2012

* Stop the bleeding: While most organizations aren't willing to admit defeat, they will accept the fact that compromise is looming. So, is there anything to be done that can help protect an organization from widespread damage once an attacker is in? Maybe some of the advice from Black Hat can help.

"It is critical to compartmentalize the network with air gaps between the compartments," said Ayrapetov. "Once compartmentalized, organizations must apply the same level of security across each of the compartments to protect them from the other compartments -- just as you would for outside entry of the DMZ."

"The same compartmentalization requirement holds true for the network," added Lieberman.

It is also critical that all information security and proper-use policies and rules are properly defined, properly implemented and regularly double-checked against the configurations actually in place. "Some security settings get turned down over time in order to enable business users and applications to operate," said Ayrapetov. "Sometimes it is good to turn up the volume on the view and to change the layout of the dashboard, even if it means seeing a lot of overwhelming data. This is where the compromise may be hiding."

Lieberman also suggested that organizations ask themselves how far a breach could travel once it gets in. "Look at a potential breach from within and outside each compartment," said Lieberman. "What are your chances of keeping the infection from spreading beyond one compromised compartment to another compartment?"