If you follow the news, it won’t have escaped your attention that cyber breaches are becoming more common.
The types of attack change all the time, and cyber-criminals are becoming increasingly sophisticated in their methods. So, if you run a business, it is natural to be concerned about whether your organisation could be the next one to fall victim to a cyber-attack.
In the event of a breach, you would be the one left to explain to customers, suppliers and partners what went wrong, and why your security controls were ineffective. And given the fact that more than half of all British businesses have reported cyber-attacks in 2019, this is something that needs to be taken very seriously.
Red Team Operations
Red Team Operations are a form of ethical hacking in which a team of cyber-security professionals, attempts to breach your systems using the sorts of techniques employed by cyber-criminals.
These operations usually have a specific target – such as stealing your customer data – and can be commissioned without your IT and security staff knowing anything about them. This allows you to test how well your team is able to identify and respond to a real-world attack.
How does Red Teaming work?
You may be aware of penetration tests, which are another, more well-known form of ethical hacking. These are highly focused assessments that usually take place over a few days. A Red Team Operation expands on this idea, comprehensively challenging your security defences, and being conducted over the course of weeks and months.
In conducting a red team operation, the team of ethical hackers conducting the assessment will use a variety of tools and techniques in order to gather as much information as possible about the target business.
This will then be followed by identifying vulnerabilities and planning an attack. This could involve exploiting vulnerabilities in systems and applications, brute force attacks to crack employee passwords, or crafting phishing emails that fool staff into giving out information unwittingly or even trigger the installation of malware.
Once access to the network has been obtained, the Red Team will attempt to move laterally through the network in order to achieve an agreed objective, which could involve compromising an asset or user account and/or exfiltrating data.
Who do you need to plan a Red Team engagement with?
There are many different ways to plan a Red Team Operation, influenced by what you are trying to achieve. It is important to get approval from the board and director level, but you may also need to conduct risk management to ensure that the activities of the Red Team are understood by those who need to know. This helps to ensure that the engagement stays within approved parameters.
You will also need to get legal, compliance, and HR approval internally in order to make sure that the risk of any non-compliance or liability is avoided, and the risk to individuals is understood by your HR department.
Making the most of a Red Team Operation
At the completion of the engagement, the Red Team will provide high-quality feedback which provides information on the key findings and recommendations that they have been able to establish.
This feedback should include suggestions addressing your IT and security team and the changes that you can make, as well as information such as risk analysis and strategic improvements.
Will a Red Team Operation validate the effectiveness of your cybersecurity staff?
Whether you get peace of mind that your team has your business confidently protected, or you face the challenge of significantly improving the practice of your staff, Red Team Operations provide crucial information for medium to large organisations.
The outcome of Red Team Operations is rarely clear-cut – don’t expect to discover either that your staff are doing a perfect job, or that they are doing terribly. Instead, it is a valuable opportunity to improve the security posture of your organisation and make it less likely that a cyber-attack is successful.
For when it comes to cyber-crime, there is no silver bullet. The threat landscape is constantly changing, and that means that your business and security team needs to do the same. It is essential that your staff are willing to embrace change in order to improve themselves and the security procedures of your organisation.
Dakota Murphey is a Brighton-based tech geek, writer, and mum to two young scamps. With the tiny little bit of time that’s left after tending to said scamps and geekery, our Dakota is a bit of a film buff and loves a box set, a fine-dining experience, and the odd glass or five of vino.