It doesn't matter who did it
In the event of a cyberattack, your first response might be to hunt down the perpetrator. While this might provide closure, pinning down the source of the breach will do little to protect the business from future hacks. Further, the process of finding the responsible party will cost a lot of time and effort that could be better spent on boosting security.
Instead of wasting resources on searching for the cyber-criminal, focus on identifying the vulnerability that led to the attack and exactly which information was affected. Learning from past mistakes is an essential step towards creating a more comprehensive security strategy.
(Image source: bykst via Pixabay)