It's time to face the facts: no matter how secure you might believe your corporate network to be, sooner or later, cybercriminals will find their way in.
They could enter using stolen credentials, they could find their way in using malware, or they could be in the system for some time before you realise something is wrong.
You understandably panic when hackers have infiltrated your network and look to shutdown the infected PCs, because that's the correct thing to do, right? Wrong. The FBI has warned that while this might be an understandable impulse, it's not always the right decision.
"When we come into an incident, most people want to immediately fix it, they want it to go away as fast as possible," said Kurt Pipal, assistant legal attaché at the Office of the Legal Attaché for the FBI in the UK, speaking during panel on law enforcement and cybercrime at Infosecurity Europe 16 in London.
"I get that, it's a driver from a business perspective. However, not understanding the true intrusion events could mean you don't clear it out -- they're called 'advanced persistent threats' for a reason."