The once-radical notion that cyber defenders should assume hackers are already in their network is now conventional wisdom. But the implications of it are still taking hold,…