Page 73 - Cyber Defense eMagazine August 2023

Threat actors constantly look for better ways to gain access. Even when critical systems are thoroughly protected, attackers can still get in by taking advantage of forgotten hardware. Red-teaming is only genuinely successful when it encompasses every possible attack surface.



5. Keep the Exercise Secret

Although the blue team's aim is to defend the business against the red team, its members shouldn't be aware of the exercise's existence. The entire point is to simulate a real cyberattack, so they should not know it's coming.

An organization can get more accurate and valuable information about its threat detection and incident response when it keeps the process a secret. Cybersecurity teams that assume any unusual activity is a legitimate concern will respond much more realistically than during a regular penetration test.



6. Recognize the Legal Obligations


Although red-teaming is supposed to simulate an actual cyberattack, certain actions should still be off-limits. Most organizations have a legal duty to protect their customers' details, so they must ensure the team's efforts comply with applicable laws and regulations.

For example, the Payment Card Industry Data Security Standards dictate that organizations must protect customers' financial files or face regulatory action. Other acts cover health records or personally identifiable information. Which of these apply depends on the company's location.

Organizations that allow data security testing must ensure everything remains encrypted throughout the process. Alternatively, they could instruct red teams to only act in compliance with regulations. Recognizing legal obligations can protect a company's reputation.




7. Stay Within Policy

A comprehensive red team exercise typically addresses all attack vectors. However, some things may be off-limits. For example, a cloud storage service provider may have specific rules regarding penetration testing. Organizations must inform their vendors of the process or ensure the exercise stays within the vendors' policies. Doing so helps protect the business relationship.



8. Protect Valuable Assets

Creating an asset list is crucial before a red team exercise begins. Businesses take inventory of everything to recognize where they should focus. Also, it can help them identify potential areas of concern. The process can come with risks — like data corruption — so they should take relevant preventive measures before testing starts.




Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.