If you're a smaller organisation, then spending too much time on "what if my private network is not private" will also cause you to struggle.
For most people, in most practical scenarios, you have to hang your hat on something.
Yes, take basic precautions, but if you lacked the chops to keep your private network private, then you have little or no chance of preventing the ensuing attacks.
Defense in depth exists for a reason.