A day doesn’t go by without finding out about another corporate cyber breach that has resulted in the loss of confidential information. These breaches create a huge amount of damage to businesses – both reputational and financial. A recent study released by PWC reveals that the cost of a security breach for a small business can amount to £311k while a large organisation can suffer damages of over £3.14m when such an incident occurs.
Furthermore, as the cyber threat landscape is continuously evolving, there is no silver bullet for protecting a business from cyber-crime. Therefore, it is essential to acknowledge that it is only a matter of time before a breach occurs. Possibly, one has already happened to you?
Are we at Risk?
With every business a target, the best option for reducing the risk of a cyber-attack is to build an effective defence but to do that you must first understand the threats you face. It’s taking the ‘think like a hacker’ approach and continuously challenging your organisation’s ability to detect and respond to breaches.
It is impossible to eliminate every cyber risk so arguably the ability to rapidly shut down breaches is more important. Remember, effective information security risk management is a critical component that protects a company’s reputation, and can prevent large-scale financial penalties and customer loss. In the world of information security, this means preparation. Similar to army war games, flight simulations or even fire drills, regularly practising for a real-world cyber-attack is a key aspect of risk management.
The issue lies in the fact many organisations do not know what sensitive company data is accessible to a determined attacker or what harm a breach could do to the organisation’s financial standing. They are unsure how effective their security measures are, how skilled the defensive team are, whether they can identify when they are being attacked and if they can respond effectively should a breach occur.
Red Teaming is one of the most powerful and effective risk management initiatives available to companies of any size. A well-conceived and executed Red Team engagement will highlight deficiencies in the key areas of people, processes and technology, uncovering inherent weaknesses across the organisation, not just from a technical standpoint but also from a risk control perspective.
The Red Team Approach
A Red Team simulation is a comprehensive methodology and assessment designed to test the impact of a breach. It gauges a company’s resilience to sophisticated, planned and sustained cyber-attacks, calculates and quantifies the business risks of a breach and in turn justifies defence priorities and investment so organisations can defend themselves more effectively.
This is an extremely valuable approach, particularly as a Red Team Operation is extensively tailored to the specific organisation, its sector, current security investments and business objectives to provide a realistic scenario.
To evaluate whether a Red Team engagement is for you, the team’s action plan includes:
- Reconnaissance: In-depth research and analysis to identify valuable information that can be used to exploit weaknesses within the target’s systems, processes and people.
- Weaponisation: An attacker then develops malicious code to target the most vulnerable systems appropriately.
- Delivery: Malicious code is typically delivered by emailing a victim, with either an attack package or a link to a malicious website. Alternatively, Internet accessible services can be targeted on a number of levels from simple brute force attacks to exploiting vulnerabilities.
- Installation: Malicious software can be installed on the target asset allowing remote access or visibility of information from the target.
- Command and Control: Multiple command channels are created to ensure access is maintained with the target.
- Privilege Escalation: Once a system is compromised, the attacker will attempt to increase their level of access to the target host.
- Lateral Movement: Attempts are then made to gain access to other systems and resources on adjacent network segments to find information and consolidate the compromise.
- Data Exfiltration: Once data of value has been identified, the Red Team will attempt to extract it from the target network without being detected.
At the completion of the Red Team engagement, a formal process of feedback to all stakeholders ensures the organisation acts quickly and meaningfully on the recommendations provided. Organisations will reap significant benefits in the form of a prioritised list of remedial actions that will strengthen an organisation’s defences.
By constantly reviewing and reporting the organisation’s attitude to security, its ability to resist the targeted attacks which are becoming the norm in today’s business environment will be significantly increased.
Today’s businesses need the detailed insight into their complete security posture that only a Red Team engagement can provide.