Page 73 - Cyber Defense eMagazine August 2023
Threat actors constantly look for better ways to gain access. Although critical systems may have thorough
protection, attackers can still get in if they take advantage of forgotten hardware. Red-teaming is only
genuinely successful when it encompasses every possible attack surface.
5. Keep the Exercise Secret
Although the blue team’s aim is to defend the business against the red team, they shouldn’t be aware of
the exercise’s existence. The entire point is to simulate a real cyberattack, so they should not know it’s
coming.
An organization can get more accurate and valuable information about its threat detection and incident
response when it keeps the process a secret. Cybersecurity teams that assume any unusual activity is a
legitimate concern will respond much more realistically than during a regular penetration test.
6. Recognize the Legal Obligations
Although red-teaming is supposed to simulate an actual cyberattack, certain actions should still be
off-limits. Most organizations have a legal duty to protect their customers’ details, so they must ensure the
team’s efforts comply with applicable laws and regulations.
For example, the Payment Card Industry Data Security Standards dictate that organizations must protect
customers’ financial files or face regulatory action. Other acts cover health records or personally
identifiable information. Their relevance depends on the company’s location.
Organizations that allow data security testing must ensure everything remains encrypted throughout the
process. Alternatively, they could instruct red teams to only act in compliance with regulations.
Recognizing legal obligations can protect a company’s reputation.
7. Stay Within Policy
A comprehensive red team exercise typically addresses all attack vectors. However, some things may
be off-limits. For example, a cloud storage service provider may have specific rules regarding penetration
testing. Organizations must inform their vendors of the process or ensure the exercise stays within the
vendors’ policies. Doing so can help protect the business relationship.
8. Protect Valuable Assets
Creating an asset list is crucial before a red team exercise begins. Businesses take inventory of
everything to recognize where they should focus. Also, it can help them identify potential areas of
concern. The process can come with risks — like data corruption — so they should take relevant
preventive measures.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.