Page 72 - Cyber Defense eMagazine August 2023

1. Explain Limitations

            Businesses should carefully communicate any limitations with the red team before moving forward. Even
            though they aim to mimic a real-life cyberattack, it’s OK to tell them certain areas are off-limits. Even if
            they don’t test some things, the best results are still achievable.

            The process could result in file corruption or system downtime if the red team is not careful, which is why
            having an in-depth conversation is so important. Everyone needs to clearly and thoroughly discuss what
            actions are acceptable. Doing so can help them prevent critical errors or data leaks.




            2. Identify Goals

            The entire red team process is only genuinely useful with proper goal identification. While generally
            improving security is a good starting point, it’s better to be specific. Industry type, hardware and software
            can help inform the goals.

            Cybersecurity professionals should also consider which security threats are relevant because
            cybercriminals constantly adapt their approaches. In fact, organizations experienced a 35% increase in
            the proportion of cyberattack methods and malware types during the pandemic.

            Businesses must recognize their security needs and determine how red-teaming can align with them. For
            example, they could decide to focus on how easily an attacker can access and exfiltrate files. A specific
            goal can help them define their next steps once the process is over.



            3. Treat the Process as Training

            Even though the red team exercise may seem like a test, businesses should treat it as training. Instead
            of considering it a pass-or-fail situation, they should view it as a series of learning opportunities. Every
            internal and external party aware of the process should record successes and failures to identify potential
            areas of improvement.

            Thorough documentation ensures the exercise translates into something actionable. For example, recognizing
            unusual network activity may take the blue team longer than their employers initially anticipated. Instead
            of facing punishment, they should learn how to improve. This approach can help them appreciate the situation
            and get something valuable out of it.



            4. Cover All Attack Surfaces

            The red team must have comprehensive knowledge of every attack surface to perform their duties
            adequately. While a business may only want to consider its most sensitive hardware, cybercriminals can
            get in through anything. For instance, testing the old servers or storage systems is just as essential.






            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.