Page 72 - Cyber Defense eMagazine August 2023
1. Explain Limitations
Businesses should clearly communicate any limitations to the red team before moving forward. Even though the exercise aims to mimic a real-life cyberattack, it is acceptable to declare certain areas off-limits. Excluding some systems from testing does not prevent the exercise from producing strong results.
The process could result in file corruption or system downtime if the red team is not careful, which is why an in-depth conversation beforehand is so important. Everyone involved needs to discuss clearly and thoroughly which actions are acceptable. Doing so helps prevent critical errors and data leaks.
2. Identify Goals
The red team process is only genuinely useful when its goals are properly identified. While generally improving security is a good starting point, it is better to be specific. The organization's industry, hardware and software can help inform those goals.
Cybersecurity professionals should also consider which security threats are relevant, because cybercriminals constantly adapt their approaches. In fact, organizations experienced a 35% increase in the proportion of cyberattack methods and malware types during the pandemic.
Businesses must recognize their security needs and determine how red teaming can align with them. For example, they could decide to focus on how easily an attacker can access and exfiltrate files. A focus like this helps them define their next steps once the exercise is over.
3. Treat the Process as Training
Even though a red team exercise may seem like a test, businesses should treat it as training. Instead of considering it a pass-or-fail situation, they should view it as a series of learning opportunities. Every internal and external party aware of the exercise should record successes and failures to identify potential areas of improvement.
Thorough documentation ensures the exercise translates into something actionable. For example, recognizing unusual network activity may take the blue team longer than their employers initially anticipated. Instead of facing punishment, they should learn how to improve. This approach helps them appreciate the situation and get something valuable out of it.
4. Cover All Attack Surfaces
The red team must have comprehensive knowledge of every attack surface to perform its duties adequately. While a business may only want to consider its most sensitive hardware, cybercriminals can get in through any exposed system. For instance, testing older servers and storage systems is just as essential as testing the newest ones.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.