
Defending Critical Assets: Containment in the Post-Breach Era

Always Bear in Mind That an Attack Is Inevitable

In today’s cybersecurity landscape, containment is now key.

A striking example of modern defence strategy does not come from the digital world, but from Singapore in 2019. That year, a sophisticated robbery targeted a jewellery store in Ang Mo Kio. The criminals were organised and well-prepared. They stormed the store, took control, and tried to escape with valuable gems.

But Singapore’s security forces were ready. They had gathered intel, tracked the movements, and knew the heist was coming—they just did not know when or how. Officers scattered across the city, blending in as everyday citizens. When the criminals struck, law enforcement pounced. The thieves were caught in minutes. The heist never stood a chance.

The lesson? It was not just the locks or alarms that stopped the heist. It was the containment of the threat. Intelligence, readiness, and swift action neutralised the danger before it fully materialised. This lesson applies to cybersecurity today. Prevention is critical, but expecting to stop every attack is unrealistic. The question is no longer if attackers will breach your defences, but how well you can respond when they do.

The data is clear: Despite significant investments in prevention, ransomware continues to spread, and breaches occur frequently, often with severe consequences. For years, organisations have been losing the cybersecurity arms race. Global spending is expected to reach USD $212 billion this year, while cybercrime costs are rising rapidly, now estimated at USD $10.5 trillion, according to Cybersecurity Ventures.

Cybercriminals have adapted, but defenders have not. In today’s world, the best security strategy starts with one simple assumption: A breach is inevitable. Success depends not on stopping every attack but on how you respond and how resilient your systems and teams are when it happens.

The Reality of the Post-Breach World

The post-breach world is here. Attackers have adapted. They exploit weaknesses, particularly human error. Their tactics are faster, more effective. They also target misconfigurations, unpatched systems, excessive permissions, and weak vulnerability management. Many organisations are becoming increasingly aware of these threats, leading to stronger and more proactive security strategies. However, attackers remain ahead, quickly adapting to new vulnerabilities. The challenge is staying one step ahead in a constantly evolving threat landscape.

The defender’s most important tool going forward is containment, and it changes everything. It transforms cybersecurity’s binary focus—keeping attackers out—into a more nuanced strategy of cyber resilience. It is about stopping attackers in their tracks and strengthening your defences with every new attack.

Security Graphs Provide Increased Visibility

Like motion detectors and cameras at home, defenders need tools to track activity in their digital environments. Security graphs provide that visibility, illuminating movement and highlighting potential threats.

Security graphs provide a real-time, contextual map of the environment. They highlight relationships between clouds, users, devices, applications, and data. In other words, they connect the dots, so that defenders can see the entire landscape and have an even better understanding than the attackers. With the help of Artificial Intelligence (AI) and advanced analytics, security teams can detect lateral movement, expose hidden threats, and identify vulnerabilities before they can cause lasting harm.

As Microsoft Threat Intelligence Vice President John Lambert famously put it: “The biggest problem with network defence is that defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.”

Security graphs do not just show you the haystack; the graph allows you to find every needle in every haystack. They’re foundational to modern cybersecurity. They help teams shift from reactive to proactive by prioritising what matters most and enabling faster, more informed decisions.

Effective Containment: Fast, Focused, and Aligned

Containment works when it is fast, focused, and well-coordinated. Once an attacker breaches the perimeter, defenders need instant visibility to pinpoint the threat and limit movement. Security graphs deliver that clarity. Network segmentation isolates critical systems, stopping attackers from spreading.
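The two ideas above, a security graph that maps relationships between users, devices, applications and data, and segmentation that cuts an attacker's routes to critical systems, can be shown together in a few dozen lines. The following is an added example written for this article, not Illumio's product code: it builds a small graph from a constructed inventory, measures the blast radius of one compromised laptop, enumerates every path from that laptop to a sensitive data asset, and then applies a deny-by-default segmentation policy and re-runs the same queries. All host, application and user names, and the policy rules, are hypothetical.

```python
"""Security graph with blast-radius, attack-path and segmentation queries.
Added example for illustration; all names and rules below are constructed."""
from collections import deque
from typing import Dict, List, Set, Tuple

Node = Tuple[str, str]   # (kind, name), e.g. ("device", "laptop-alice")
Edge = Tuple[Node, Node]

# Constructed sample inventory. An edge A -> B means A can reach or act on B
# (a permitted network flow, an interactive login, a permission grant).
# The two edges marked "flat" are the kind a flat network allows and a
# segmentation policy should not.
SAMPLE_EDGES: List[Edge] = [
    (("user", "alice"), ("device", "laptop-alice")),
    (("device", "laptop-alice"), ("app", "intranet-wiki")),
    (("device", "laptop-alice"), ("app", "jump-host")),
    (("app", "intranet-wiki"), ("device", "wiki-server")),
    (("app", "jump-host"), ("device", "db-server")),
    (("device", "laptop-alice"), ("device", "db-server")),   # flat
    (("device", "laptop-alice"), ("device", "hr-server")),   # flat
    (("device", "db-server"), ("data", "customer-pii")),
    (("device", "hr-server"), ("data", "payroll")),
]

# Constructed segmentation policy: allow-listed (source, destination) pairs,
# where "*" matches any name of that kind. Anything not listed is dropped.
SAMPLE_POLICY: List[Edge] = [
    (("user", "*"), ("device", "*")),
    (("device", "*"), ("app", "*")),
    (("app", "jump-host"), ("device", "db-server")),
    (("app", "intranet-wiki"), ("device", "wiki-server")),
    (("device", "db-server"), ("data", "customer-pii")),
    (("device", "hr-server"), ("data", "payroll")),
]

def build_graph(edges: List[Edge]) -> Dict[Node, Set[Node]]:
    """Adjacency map; every node appears as a key even if it has no out-edges."""
    graph: Dict[Node, Set[Node]] = {}
    for src, dst in edges:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph

def blast_radius(graph: Dict[Node, Set[Node]], start: Node) -> Set[Node]:
    """Every node reachable from a compromised node (breadth-first search)."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen

def attack_paths(graph: Dict[Node, Set[Node]], start: Node, target: Node) -> List[List[Node]]:
    """All simple paths from start to target; each is a lateral-movement
    route a defender would want to cut or watch."""
    paths: List[List[Node]] = []

    def dfs(node: Node, path: List[Node]) -> None:
        if node == target:
            paths.append(list(path))
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path:          # simple paths only: no revisiting
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    dfs(start, [start])
    return paths

def _matches(rule: Node, node: Node) -> bool:
    return rule[0] == node[0] and rule[1] in ("*", node[1])

def segment(graph: Dict[Node, Set[Node]], policy: List[Edge]) -> Dict[Node, Set[Node]]:
    """Deny-by-default: keep an edge only if some policy rule allows it."""
    kept: List[Edge] = []
    for src, dsts in graph.items():
        for dst in dsts:
            if any(_matches(r_src, src) and _matches(r_dst, dst)
                   for r_src, r_dst in policy):
                kept.append((src, dst))
    new_graph = build_graph(kept)
    for node in graph:                   # nodes that lost all edges still exist
        new_graph.setdefault(node, set())
    return new_graph

def exposed_data(graph: Dict[Node, Set[Node]], start: Node) -> List[str]:
    """Names of data assets reachable from start, sorted for stable output."""
    return sorted(name for kind, name in blast_radius(graph, start) if kind == "data")

if __name__ == "__main__":
    flat = build_graph(SAMPLE_EDGES)
    compromised = ("device", "laptop-alice")
    pii = ("data", "customer-pii")
    print("flat network, reachable:", len(blast_radius(flat, compromised)),
          "data exposed:", exposed_data(flat, compromised))
    for p in attack_paths(flat, compromised, pii):
        print("  path:", " -> ".join(name for _, name in p))
    segmented = segment(flat, SAMPLE_POLICY)
    print("segmented, reachable:", len(blast_radius(segmented, compromised)),
          "data exposed:", exposed_data(segmented, compromised))
    for p in attack_paths(segmented, compromised, pii):
        print("  path:", " -> ".join(name for _, name in p))
```

On the flat network the compromised laptop reaches seven nodes, including both data assets, and has two routes to the customer data (one direct, one through the jump host). After the allow-list policy is applied, the direct device-to-device edges disappear: the payroll server drops out of the blast radius entirely, and the only remaining route to customer data runs through the jump host, which is exactly the choke point a defender can monitor and, during an incident, close.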

Layered with AI and automation, containment becomes even more powerful. These technologies reduce noise, filter out false positives, and accelerate response times. When every alert isn’t a crisis, defenders can act with greater speed and confidence.

But containment is not a one-and-done initiative. It is a continuous process, one that evolves with the threat landscape.

Compliance and Containment: Adapting to Evolving Regulations

The regulatory landscape in Asia Pacific is evolving. It is shifting from rigid control lists to outcome-driven frameworks centred on resilience. Whether it’s the APAC Cybersecurity Framework or Australia’s Security of Critical Infrastructure Act, modern regulations focus less on preventing incidents and more on how you limit their damage, respond, and recover.

Containment maps directly to this new focus. It is not just good security—it is increasingly required. Regulations now emphasise operational continuity and resilience. And increasingly, regulators are concerned about systemic resilience across entire industries, not just individual organisations. In this context, containment is not just a defensive tactic. It is a compliance imperative.

The APAC Shift Needed to Thrive in a Post-Breach World

The shift to a post-breach mindset demands a transformation in both culture and operations. Security is no longer about preventing breaches. It is about creating an environment where businesses can continue to thrive, even after an incident. This requires minimising downtime, boosting productivity, and reinforcing resilience.

In the post-breach world, success is defined not by how effectively you block threats but by how well you manage and contain them. Prevention is the lock on the door; containment is the entire security system.

Take the 2019 Ang Mo Kio jewellery heist, for example. The thieves broke through a lock, but they couldn’t bypass the strategic containment that Singapore’s security forces had set in place. In cybersecurity, we must adopt the same approach.

The post-breach world is not a distant possibility—it is already here. The quicker we embrace this reality, the more resilient we become, ensuring that we not only survive a breach but prevent it from escalating into catastrophe.

Andrew Kay

Director of Systems Engineering, Asia Pacific and Japan, at Illumio
