What We Do

Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.
— Sun Tzu, The Art of War

Piratica is a risk management firm. We work directly with client organizations as well as with IT Service Providers to help them identify and understand the specific risk to their organization posed by cyber attack. In much the same way that a museum may hire a thief to find weaknesses in it’s physical security, our clients hire us to find weaknesses in their information security strategy.  We use the same tools, techniques and methods as malicious attackers to identify potential weaknesses and deliver detailed reports with clear, actionable metrics that can be used by the client to mitigate or eliminate the weaknesses discovered.  We provide leverage to help our clients defend their systems.

How We Do It

The goal of most engagements is to identify vulnerable attack surfaces to reduce the risk of a malicious attacker exploiting those vulnerabilities for malice (destroy data, leak trade secrets, steal and sell client, patient or vendor data, etc.). We use the same tools, techniques and methodologies used by malicious attackers to  mimic a real-world attack (and as permitted by the scope and rules of engagement). The specific tools, techniques and methodologies will depend on the scope, rules of engagement, current trends in real-world attacks and the needs of the specific client / engagement.

What’s The Value

Today’s computer networks and the information that they contain are under constant threat of attack from all sides, internal (employee), external (remote attackers) or side channel (vendors, partners, etc.).  In 2015, the Verizon Data Breach Incident Report recorded more than 2,100 confirmed breaches and calculated the average cost per breach affecting 1,000 records at between $52,000 and $87,000 and the average cost per breach affecting 10 million records at between $2.1 million and $5.2 million.  Based on these numbers (actual cyber-liability insurance claims data), the costs of a breach can far outweigh the effort and resources required to keep your business secure.