#HowTo: Create an Effective Red Team

Red teaming, the use of ethical hackers to simulate a real adversary against an organization’s defenses, is now a common element of cybersecurity. These attack simulations can be very valuable: they lead to concrete improvements in security posture and give the organization a clearer picture of the threats it actually faces. But to get the full value (and a return on the investment) from engaging a red team, an organization must make sure the team it chooses meets certain requirements.

The Benefits of an External Red Team

The most important benefit of hiring an external red team is that it gives small organizations, which are increasingly targeted and rarely maintain a large security department, an accessible way to test their defenses. Even enterprises that have internal red teams often find that external teams are more effective and run more realistic attacks. They bring an outside view of which attacks and threats the organization is most likely to face, without the assumptions an internal team builds up over time. 

An external team also creates a more realistic attack scenario, because its tactics will be less familiar to the systems and people defending the organization than those of an internal team, especially one that has already run several exercises. To the defenders, the external team is a new and unknown adversary. An external team also makes it easier to keep the engagement confidential, so that only the sponsors know it is under way. That confidentiality matters for the results: an exercise the defenders have been warned about measures how well they prepared for it, not how well they detect and respond to an attack they did not expect.

The Importance of a Red Team Lab 

Cyber-criminals and other bad actors are increasingly organized, efficient and businesslike. They invest resources in getting to know targets and practicing attacks, so when it is time to attack, they are prepared and more likely to succeed. 

A common part of bad actors’ preparation is developing their tactics in labs that mirror the target environment. The most effective red teams adopt the same practice: they build labs that replicate the target’s network, operating systems and security controls as closely as reconnaissance allows, and use them to rehearse tooling and attack paths before touching production systems. Red teams that prepare this way can carry out more advanced attacks, and are less likely to trip defenses by accident, which gives the targeted company a more realistic picture of its security posture. 

Effective Red Teams Run a Command and Control Center

Another key element of an effective red team is the ability to run covert command-and-control (C2) infrastructure. C2 is the channel through which the team’s implants on compromised hosts receive instructions and return data; running it covertly, with traffic designed to blend in with legitimate activity, lets the team coordinate its operators and operate stealthily inside the network, reach uncommon vulnerabilities and expose critical access points. It also gives the defenders a genuine test of whether they can spot the beaconing that real intrusions produce. Like maintaining a lab, running a proper operations and communications center allows the red team to mimic actual cyber-criminals, leading to more realistic attacks.

Enterprises need to understand the high level of planning and organization behind many cyber-criminal groups. Businesses must let go of the outdated notion that attacks are random and carried out by lone individuals, and make sure their red teams operate the way today’s organized cyber-criminals do. 

The Need for Customized Social Engineering Attacks

With social engineering attacks on the rise, red teams should take the time to study the client and its employees and craft tailored social engineering attacks that are likely to succeed. Such attacks depend on the attacker knowing something about the targeted individuals, because the goal is to persuade them to hand over information or credentials that later provide access to networks or enable a cyber-attack. Increasingly, attackers also use extortion against executives and their families and friends to obtain money or information that helps an attack succeed.

The red team must therefore be aware of the latest trends in these attacks and of the specific weaknesses of individuals inside the client organization. At the same time, the hiring organization and the red team should agree in writing, before the engagement starts, on the scope of such attacks and on what is off limits: which employees and channels may be targeted, whether pressure tactics such as extortion are permitted at all, and how the security team will be able to tell exercise activity from a real incident if it is discovered.

Good Communication Skills

A red team should demonstrate good communication skills, not just in its interactions with the hiring company’s security team but also with executives throughout the organization. At minimum, the red team should deliver a clear report of the actions it took, in the order it took them, and the results, including which actions were detected and which were not. The findings should be put into business perspective, so the client understands what a particular foothold or compromised account means for the organization overall. This allows the company to prioritize mitigation in line with business goals.

A red team is an important human element of a comprehensive security strategy, which should also incorporate data-driven elements, including AI tools that identify and quantify risks. Enterprises just need to make sure that the red team they choose understands and embraces the most advanced tactics of today’s cyber-criminals.