“Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.”
— Sun Tzu, The Art of War
Piratica is a risk management firm. We work directly with client organizations as well as with IT Service Providers to help them identify and understand the specific risk to their organization posed by cyber attack. In much the same way that a museum may hire a thief to find weaknesses in it’s physical security, our clients hire us to find weaknesses in their computer networks. We use the same tools, techniques and methods as malicious attackers to identify potential weaknesses and deliver detailed reports with clear, actionable metrics that can be used by the client to mitigate or eliminate the weaknesses discovered. We provide leverage to help our clients defend their systems.
How We Do It
The goal of most engagements is to identify vulnerable attack surfaces to reduce the risk of a malicious attacker to exploit those vulnerabilities for malice (destroy data, leak trade secrets, steal and sell client, patient or vendor data, etc.). We use many of the same tools, techniques and methodologies used by malicious attackers to mimic a real-world malicious attack (and as permitted by the scope and rules of engagement). The specific tools, techniques and methodologies will depend on the scope, rules of engagement, current trends in real-world attacks and the needs of the specific client / engagement.
What’s The Value
Today’s computer networks and the information that they contain are under constant threat of attack from all sides, internal (employee), external (remote attackers) or side channel (vendors, partners, etc.). In 2015, the Verizon Data Breach Incident Report recorded more than 2,100 confirmed breaches and calculated the average cost per breach affecting 1,000 records at between $52,000 and $87,000 and the average cost per breach affecting 10 million records at between $2.1 million and $5.2 million. Based on these numbers (actual cyber-liability insurance claims data), the costs of a breach can far outweigh the effort and resources required to keep your business secure.