Almost every day the press informs us of another corporate cyber breach that has resulted in the loss of confidential information. These breaches cause the victim a huge amount of damage – both reputational and financial. It’s a repetitive cycle that is enough to keep any senior executive awake at night. There is no doubt that today’s executives are only too aware of the risk a cyber-attack poses to their business. Two of the most common concerns they face are limited visibility of cyber risk and knowing whether the investments they are making to protect themselves are really working. These investments include security technology and services, incident response plans, information security policies and user cyber awareness training. For example, a business could have a strong password policy but it has been inadequately implemented or adhered to by staff. Assessing the effectiveness of security investments and quantifying the damage a cyber-attack can inflict are key components of a Red Team engagement. By using a highly specialised team of security experts that view businesses from an attacker’s perspective, Red Teaming continuously challenges security systems, policy and personnel. This enables key stakeholders to improve counter measures, identify gaps in risk management frameworks and direct additional investment to where it would be most effective. Over the coming weeks, we’ll be presenting a number of scenarios, examples and anonymised real-world use-cases to show the value of Red Team engagements by identifying how the outcome of the exercise can be used to protect critical assets, improve processes and prioritise resources. In the meantime, you can download our white paper to gain an understanding of methodology used to assess whether your security investments are performing.
11 May 2016