Based on our experience over the last year, companies large and small are ramping up their security testing measures – and this comes as no surprise given the scale of the threats facing businesses in the digital era.
The growing number and frequency of data breaches and cyber attacks is an intimidating prospect for company boards and owners, particularly with cyber crime becoming ever more sophisticated at the very time when customers are scrutinising the way that you treat their data.
Of course, the rising consumer and media awareness of data security is a trend that is only set to increase under the new EU General Data Protection Regulation (GDPR), which is now in force. When you consider the combined potential consequences of inadequate information security – regulatory penalties, reputational damage and commercial losses – it is clear why testing the security posture of your organisation has become a priority.
In response, companies are taking a more strategic approach to testing than in previous years, aiming to find an answer to the key question of whether their critical information assets are secure.
Penetration tests and vulnerability scans – which we’ve assisted companies with from the outset of the digital age – certainly retain a role in preventing security lapses. But they alone are not sufficient to provide complete assurance.
This is where red teaming comes in. It’s traditionally a term from the military, where the red team would play attacker, and the blue team would play defence in a simulated attack. In cybersecurity terms, red teaming now refers to ‘ethical hacking’, where a team of independent professionals aims to breach your organisation’s information assets and discover how well your people, technology and physical infrastructure stand up to attack.
Red teaming aims to expose vulnerabilities at all levels, providing a truly comprehensive test of your organisation’s ability to fend off a real-life cyber attack. This testing method is already common in the financial services and defence sectors, and is beginning to attract attention from organisations across other industry sectors too.
Pen tests are typically focused on specific networks, systems or applications, such as a new mobile app, aiming to expose and exploit every possible vulnerability. In line with more strategic objectives, red teaming will assess, for instance, whether intellectual property is secure, and whether customer data or payment details could be breached. It will incorporate some tests that are similar to pen tests, but the overall scope is far wider.
To test your organisation’s defences, red teams will use all possible means to breach your assets, simulating hackers by adopting social engineering techniques, attempting physical breaches and exposing human vulnerabilities.
This will provide you with detailed insight into how well you are geared up to withstand a cyber attack, what your response would be and what action you need to take to remedy any weaknesses.
With the complexity, frequency and impact of cyber threats on the rise, it’s no wonder that security testing is coming under the spotlight.
Watch this space for our forthcoming blog looking at how to choose the right external consultancy to support your red team security testing.