{"id":593484,"date":"2023-01-03T05:49:28","date_gmt":"2023-01-03T11:49:28","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/03\/how-does-red-teaming-test-the-ultimate-limits-of-cyber-security\/"},"modified":"2023-01-03T05:49:28","modified_gmt":"2023-01-03T11:49:28","slug":"how-does-red-teaming-test-the-ultimate-limits-of-cyber-security","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/03\/how-does-red-teaming-test-the-ultimate-limits-of-cyber-security\/","title":{"rendered":"How does red teaming test the ultimate limits of cyber security?"},"content":{"rendered":"<div id=\"content-header\">\n<h2>An expert ethical hacker reveals how he goes about carrying out a red team exercise<\/h2>\n<\/div>\n<div id=\"content-center\">\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/shapland_rob.jpg\" alt=\"Rob Shapland\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Rob-Shapland\">Rob Shapland,<\/a><br \/>\n\t\t\t\t\t\t<span>Falanx Cyber<\/span>\n\t\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>29 Dec 2022<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Hacking can be a dirty word. It evokes images of a person sitting in the dark with a black hoodie on, hunched over a keyboard, in front of multiple screens, attacking an innocent business, or individuals, online. It automatically generates thoughts of terrible ransomware attacks and cyber criminal gangs with names such as <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-59297187\">Evil Corp<\/a>.<\/p>\n<p>But cyber criminals have a foe \u2013 ethical hackers. 
We hack companies to show them their weaknesses so they can fix them before they are breached.<\/p>\n<p>Companies are aware that cyber attacks are increasing by <a href=\"https:\/\/www.cybersecurity-insiders.com\/a-50-increase-in-cyber-attacks-year-on-year\/\">50% year on year<\/a>. With organisational spending on cyber security at an all-time high, firms are spending significant amounts on their security infrastructure. I\u2019m often asked: How can we know that our cyber security is working effectively?<\/p>\n<p>My advice to companies is simple \u2013 invest in a red teaming test.<\/p>\n<p>Red teaming is the practice of simulating a multi-layered cyber attack that tests the effectiveness of every aspect of an organisation\u2019s security. Rather than running the risk of financial and reputational damage after being hit by a ransomware attack, hire ethical hackers to simulate an attack to unearth vulnerabilities, so that they can be addressed before it\u2019s too late.<\/p>\n<blockquote>\n<div>\n<figure>\n   \u201cThe only real way you can determine the effectiveness of your security is by getting hacked. Red teaming tests employ both virtual and physical methods to probe for weakness, exactly as a cyber criminal would\u201d<br \/>\n  <\/figure><figcaption>\n   <strong>Rob Shapland, Falanx Cyber<\/strong><br \/>\n  <\/figcaption><\/div>\n<\/blockquote>\n<p>Cyber attacks \u2013 like when <a href=\"https:\/\/www.which.co.uk\/news\/article\/revolut-data-hack-what-you-need-to-know-aARKk0q9jyPG\">Revolut was breached in September 2022, revealing 50,000 customers\u2019 sensitive data<\/a> \u2013 may have been prevented with a red teaming test that would have pinpointed the threat social engineering posed to the team.<\/p>\n<p>For a company to be put through its paces, it needs to be tested through active and proactive attacks of both its virtual and physical systems, using the same tactics, techniques and procedures as cyber criminal groups are using right now. 
My team typically carries out a red teaming mission in five steps:<\/p>\n<ol>\n<li>We always begin with open source intelligence gathering (OSINT). As with the first stage of any operation, we begin an attack by investigating a company and its employees, gathering inadvertently revealed information. This comes from a variety of sources with a focus on the corporate and staff\u2019s social media pages. We use this to plan our attacks, both cyber and physical.<\/li>\n<li>We then identify internet-facing systems that may have been insecurely configured or have login pages we can access using stolen credentials, as potential access points to break into an organisation.<\/li>\n<li>This is typically supported by email phishing and telephone vishing attacks \u2013 two hacking techniques, together known as social engineering. By phone, we call employees to try to have them divulge sensitive login information. Then we send phishing emails using personal information gathered during OSINT to trick employees into revealing sensitive information, like their username and password, or to open an attachment that would let us into their computer.<\/li>\n<li>Last, but certainly not least, is the physical intrusion of their premises. It may surprise you to hear that cyber attacks can happen in person. This is my specialty. To simulate this, we use various tricks and disguises to access the organisation\u2019s offices to compromise its network, plant keylogger devices, or steal valuable information right from under the business\u2019s nose. At Falanx Cyber\u2019s office, we have a wardrobe full of costumes from an everyday plumber to a postman\u2019s uniform, that we wear as a disguise to test whether a company\u2019s security will let unauthorised people into the building.<\/li>\n<li>All these steps combine to allow us to breach the perimeter and access the organisation\u2019s internal network. 
When we find a successful route in, we will then attempt to escalate our privileges to gain access to sensitive data that a cyber criminal would target. The process culminates in a strategic report, detailing identified weaknesses, and recommendations for making an organisation\u2019s defences more robust.<\/li>\n<\/ol>\n<p>Red teaming exercises provide a comprehensive look at just about any tactic, vulnerability, or entry point cyber criminals might use to breach your systems. Without one, companies will never know how secure their systems are.<\/p>\n<p>With <a href=\"https:\/\/www.verdict.co.uk\/uk-data-breaches-human-error\/\">almost 90% of hacks<\/a> due to human error, it\u2019s important to test your employees\u2019 cyber defence abilities. And unlike a simulated penetration test, staff are unaware that a red teaming mission is underway against them \u2013 almost like a mystery shopper. It truly is the best way to improve overall security, with the bonus of reinvigorating your staff\u2019s commitment to cyber security by putting them through their paces.<\/p>\n<p>This may be unsettling to hear, but the only real way you can determine the effectiveness of your security is by getting hacked. Red teaming tests employ both virtual and physical methods to probe for weakness, exactly as a cyber criminal would. Knowledge is power. 
Find out what your weaknesses are so you can put in place the defensive and offensive protections to mitigate them.<\/p>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/opinion\/How-does-red-teaming-test-the-ultimate-limits-of-cyber-security\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Raleigh Fleishman<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An expert ethical hacker reveals how he goes about carrying out a red team exercise By Rob Shapland, Falanx Cyber Published: 29 Dec 2022 Hacking can be a dirty word. It evokes images of a person sitting in the dark with a black hoodie on, hunched over a keyboard, in front of multiple screens, attacking<\/p>\n","protected":false},"author":1,"featured_media":593485,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1698,46,2026],"tags":[],"class_list":["post-593484","post","type-post","status-publish","format-standard","has-post-thumbnail","category-teaming","category-technology","category-ultimate"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=593484"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593484\/revisions"}],"wp:feature
dmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/593485"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=593484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=593484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=593484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}