14 Apr 2021
As today’s organizations cautiously unclench from the past year’s COVID-driven operations and gradually resume some semblance of normalcy, there are aspects of business that will never be the same. New perspectives, workarounds, and efficiencies developed throughout the pandemic are likely here to stay, and so are elevated and complex cyber threats. That’s where IT security ears need to perk up. While IT pros and assessors alike are accustomed to adapting their approaches as technology advances, the past year’s pandemic saw opportunistic cybercrime explode across the globe by as much as 400%. So today, we’re exploring how Red Team strategy is hyper-focusing to reflect these dramatic changes in cybersecurity, and how you can set your RTA up for success.

An RTA Strategy for Today

On the Red Team front, attack simulations have long held a unique spot in an organization’s overall evaluation of its security posture. While other forms of testing address misconfigurations and unpatched vulnerabilities, Red Team Assessments (RTAs) replicate the real-world tactics of an actively opposing force (aka cybercriminals). When expertly done, RTAs afford organizations beneficial insights needed to elevate their ability to detect and respond to an actual malicious incident.

While the stages of Red Teaming remain largely universal (Reconnaissance, Initial Compromise, Privilege Escalation, Internal Reconnaissance, Compromise, Exfiltration, Reporting), tactics have always varied greatly, primarily depending upon an organization’s assets and related goals, levels of access given, whether the internal team or external experts are conducting the RTA, whether or not surprise elements are included, etc. But arching over stages and tactics is Red Team strategy.
And in today’s rapidly evolving, often globally hostile cybersecurity environment, there are key considerations experts call out to ensure you reap the greatest value from your RTA and help protect your organization against the growing cyber-fury of today’s security landscape, including:
- Go Big or Go Home: In today’s escalated threat reality, limited Red Team exercises will yield limited insights and value, if any at all. That’s why an effective RTA for this era needs to mimic your company’s worst security and/or operational nightmare. Set goals and scenarios that widen eyes – and then remind everyone that you’re addressing such a worst-case scenario via an RTA so you hopefully never have to in real life (or if you do, the rigor of your RTA will mean you’ll be ready to quickly detect and respond to the incident, thereby greatly minimizing collateral damage). Anything less could well be a waste of time and resources, and perhaps even set your team up with a false sense of security.
- Include In Scope the Assets That Hackers (Not You) Value and See: We’ve mentioned this in several blogs, but that’s because it’s a frequent miss among organizational leaders. What your company values, and therefore focuses on protecting, could leave what hackers value vulnerable. An independent, expert assessment team that knows your industry well will be able to more objectively assess your full environment and point you in the direction of how to secure your most sought-after valuables. They’ll also avoid a mistake you might make: failing to address older, forgotten assets that present an “out-of-sight” pathway in for malicious actors.
- Lay the Foundation for a Smooth RTA: You’d think this might go without saying, but many RTAs get tripped up when basic parameters aren’t set clearly and in coordination with all stakeholders, such as gaining permissions in advance, carefully communicating scope and what’s off limits, and including tactics that address vulnerabilities unique to your organization or the current threat landscape (for a current example, security risks exacerbated by remote workers).
- More Than Ever, It’s Your People: With social engineering of employees accounting for up to 91% of all breach attempts, connecting the human dots in your security posture is key to defending from within. This is where an RTA has the opportunity to be more than an exercise in threat detection. By testing and debriefing your greatest vulnerability, your people, you can elevate the experience into meaningful training that helps transform your team into the human firewall you need.
- It’s Not a One-and-Done: If you treat your IT Security Assessment or RTA as annual events, you’re missing critical data the rest of the year. Coupling such activities with ongoing Network Vulnerability Management will provide the depth you need annually, as well as 24/7-365 scanning, so you always know where your security stands and can make real-time adjustments to head off or minimize any issues.
- Keep the Lines of Communication Open: Just as so many parts of success in business come down to culture, so does security. Until you have an environment of openness, honesty, and mutual respect, an RTA or any security exercise will provide minimal benefit. Foster a workplace where folks can share their observations and concerns, and even freely admit mistakes and ask for help; then you’re on the path to building your team into that human firewall.