What is Red Teaming?In the world of cyber security, ‘Red Teaming’ is an exercise that is designed to benchmark an organisations’ security controls and processes, particularly around physical security (for example access to buildings and computers / data held within it), general security awareness of staff, network security, procedures, and monitoring.
The end game of a Red Team attack is to provide an organisation with a complete ‘warts and all’ look at its security posture. Usually Red Teaming takes place during the assessment stage of a business’ security process - particularly if it is looking to invest in or upgrade its information security, or if it is carrying out a regular risk audit. It is particularly valuable to businesses for two key reasons:
1. There is no procedure or automated tool in the market that can test an organisation’s security as intelligently as the human mind.
2. Red Teaming tests an organisations’ security posture from many angles allowing them to more accurately pinpoint any holes or gaps in security and ensure the right policies, procedures and technology are put in place.
While some businesses may question whether Red Teaming is right for them, consider this: the team at Aura Information Security has a 100% hit rate and have been able to infiltrate every single business they’ve ever been hired to Red Team.
Perhaps more interestingly, it’s the less likely techniques that have helped the Aura team do so. From dumpster diving to gain alarm codes and fake tradie uniforms, through to hiding in bathrooms and asking cleaners to swipe them back to the main floor after hours – there’s no shortage of strange and perhaps glaringly obvious ways the Aura team has gained access to businesses and their data.
In general a typical red team exercise would take approximately one week to complete and involves the following:
• Simulated phishing and social engineering attacks targeted at staff
• Collecting information found on website and social media – this information can then be used for social engineering
• Bypassing lock and access control systems
• Assessment and attempted infiltration of any internet-connected services or devices
• Attempts to physically access the premises
• Attempts to remove data.
Once final, a report outlining techniques used, information gained and security improvement recommendations is presented to the customer.
Internationally, Red Teaming is a common practice for businesses and is considered to be part and parcel of doing business in an online marketplace. In New Zealand, Red Teaming is mostly done by larger corporates, however is fast gaining recognition as being a useful technique in the seemingly ongoing battle against cyber-criminals – particularly considering the growing number of online threats. So, if your business is looking to assess its security posture, why not put it to the real test and consider Red Teaming?