Cyber-attacks are more targeted and financially motivated than ever before. The random whiz-kid and activist hackers have made way for disciplined and well organised criminal groups for hire to the highest bidder, costing Australian businesses millions each year.
The public and market expectations for security has and is continuing to grow rapidly. Legislation is also catching up and Australian Company Directors are now personally liable for breaches involving customer data, hence, driving cyber security up on the executive agenda.
RED Team engagements are the most realistic way to test the resilience of not only your IT controls (i.e. firewalls) but also of your people, processes and facilities. Our attacks will expose tangible and non-repudiable flaws in your security implementation that require remediation .
Simulating a team of skilled and motivated attackers, the Privasec RED Team will craft and relentlessly execute a series of real-life attack scenarios to breach your security by any means possible (within the boundaries of the law and what is agreed with you). Thinking outside the box like a potential attacker, they will combine intelligence gathering, social engineering, hacking, physical intrusion and other deceptive techniques to compromise your defences and gain access to your most critical information.
As opposed to traditional testing, Red Team engagements are multi-layered and focus on the objectives rather than the method, allowing our team to think outside the box to create innovative scenarios you may not have planned or prepared for, allowing to you to identify blind spots in your defence strategy. A Red Team engagement scope primarily defines the don'ts (i.e. what cannot be done) rather than the do's, leaving our Red Team as unrestricted as an attacker would be.
Your lead consultant will discuss the objectives of the assessment as well as the methods, techniques and systems excluded and included from the scope of the exercise. You can also ask for specific methods to be included if you need to test a particular process or policy (access card cloning, random dropping of USB infected sticks, etc).
Timeframes will be discussed and agreed upon prior to commencement and will vary depending on the required level of sophistication desired.
You will be notified one day prior to the commencement of the attack by your lead consultant. Our RED Team will remain anonymous so as not to influence the results of the attack in either way.
Our RED Team will conduct reconnaissance activities, including physical surveillance, intelligence gathering and signal scanning, to identify potential gaps in security controls and craft targeted and concerted attack scenarios which they will then execute.
You will be provided with regular updates on the progress of the exercise.
At the conclusion of the exercise, a formal report will be presented to you, detailing step by step, the attacks carried out along with supporting evidence, the results of each scenario and prioritised recommendations to reduce your exposure to future attacks.
The effectiveness of Red Team attacks comes from its 'clear-cut' evidencing of security weaknesses. It bypasses the risks/potentials and other 'ifs' to deliver very tangible evidence which cannot be argued against.
To discuss how the Privasec RED Team can help you test your defences and/or train your staff, call us on 1800 996 001 or use the contact form below.
Our direct and flexible approach means we can get your Red Team attack going in as quickly as 24 hours.