Red Team Operations is one of the most sophisticated methods of security testing and it certainly takes time to implement. What steps need to be taken?
What do companies need to implement to be able to establish Red Team Operations?
Establishing a Red Team within an organisation is not something very simple. First of all, a company needs to achieve an appropriate level of cyber security maturity to be ready for this step. Defensive teams (monitoring, incident response, forensics, etc.) as well as dedicated procedures and understanding of this type of activity should be in place first. Secondly, a company needs to ask itself a question – on what scale do we need to use Red Team Operations? If the answer would be (potentially) we need only one Red Team exercise in a year/every two years, then I would suggest hiring an external vendor rather than creating an in-house team. We all need to remember that Red Teaming is one of the most sophisticated methods of security testing, with very few experts with relevant expertise and high salary expectations. Having one’s own Red Team without the actual need would not be economically justified.
How to effectively fight human error and employee negligence that is still a cause of some data breaches?
Human error continues to be the number one cause of security incidents. Continued education and strengthening the awareness of the importance of cyber security “hygiene” is crucial in addressing this problem. However, this will not be effective unless it is done in a smart way. Typical “e-learnings” for employees usually do not work properly. Following this kind of training, an average employee is aware of the risks only for a couple of days, while we need them to be permanently aware and take appropriate actions. Communication regarding cyber security risks should be regular and based on some case studies/examples from real life. This is something that activates people’s imagination, maybe awakes some emotions, and thanks to that stays in their minds for a longer period of time. Moreover, we need to make sure managers and leaders set the right example while talking and walking the walk.
How to put in place protection strategies that deter attacks and ensure the security of information of your customers? How to gain and keep their trust?
In this context it is very important to engage many different stakeholders in this process. Security strategies are very important for the whole organisation as well as for their customers, who expect their data to be kept safe by a bank or any other service provider/product supplier. A security strategy document should be created as a result of cooperation between security teams, business units who understand customers’ needs the best, and support functions such as legal, compliance or marketing. A well-prepared cyber security strategy can be our competitive advantage, especially in times when cyberattacks are becoming more and more common, with their scale growing every year. If we are able to explain the importance of security measures to customers and demonstrate that we are adequately equipped to keep them safe, we will be able to win their trust. To be able to do it we need to have customer service and marketing people on board.
Piotr Borkowski is Head of Red Team Operations and Cybersecurity Testing at Standard Chartered Bank. In his previous roles he was a manager at Deloitte Poland and an expert in the Governmental Computer Emergency Response Team in Poland. His areas of specialisation include offensive security, social engineering, OSINT and incident response.