How We Can Help After You've Been Hacked
You get hacked. What can Pythia Cyber do for you? Once you have addressed the immediate problem and then done what you can to repair the damage, it is time to figure out what happened. That is when we can help. (If you follow the NIST CSF, we come in right after the Recover phase.)
In the Respond phase you address the immediate problem. In the Recover phase you do what you can to repair the damage. Then you fight off the temptation to rest and you go back to the Identify phase because you need to figure out what went wrong so you can make sure that it doesn't happen again.
As part of that investigation you have a very important question to answer: was the root of your problem systemic or not? Answering it should involve a top-to-bottom review of your cybersecurity program. It is tempting to keep this in-house (who wants to air their dirty laundry?), but we recommend an objective, external, expert observer. "Expert" is obvious. "External" because it is hard to see the flaws in a system when you are part of that system. "Objective" because you want an opinion that is not influenced by which services you will buy based on that opinion. So beware of reviewers who are also looking to sell you services based on their review.
It is tempting to look for a scapegoat. It is tempting to offer the board and the shareholders and the public a scalp. This can be helpful in the short term but it can also be hurtful in the long term. Who wants to work for a program that might sacrifice you if something goes wrong, just to satisfy people's need to place blame?
This is not to say that accountability is not useful or appropriate. If policies were ignored or procedures not followed, then there should be consequences. But this nice, simple scenario is often simply not applicable. Sometimes the policies were properly enforced by procedures that were flawlessly followed. Sometimes the problem was a failure to adapt to something new. And sometimes the common practice of rewarding performance with promotion instead of direct compensation has put people in the wrong roles: your most talented cyber defenders are working as mediocre managers, the people actually doing the defending are not your best, and your cyber executives are out of their depth because their true calling is to be stellar managers.
This review is what Pythia Cyber can do for you: we can cast a cold eye on your policies and procedures without any incentive to find scapegoats or sell you on training packages (because we aren't fractional or freelance CISOs and we don't sell training packages). Even better, we can assess the talents of your staff to make sure that people are doing what they are good at, not what seniority dictates. So if you have the right people in the wrong jobs, we can help you straighten that out.
In order to fix the problem you must diagnose the problem. In order to diagnose the problem you have to look with expert but objective eyes. We can help you find the problem so you can focus on the problem and then fix the problem. You fix the problem by getting to where you want to be: the right people in the right jobs doing the right things for the right reasons.
Will this provide perfect cybersecurity? No, because perfect cybersecurity isn't possible. But this will give you the best shot at doing the best that you can.