The red team is the perfect complement to our security operations team—typically known as the “blue team.” The blue team are the defenders. They create policies, security awareness, and technologies to keep our systems safe and secure. The red team’s charter is to seek out and expose potential weaknesses in both physical and cyber security. We go after everything from phishing schemes and social engineering, to attacks on employee computers, both inside and outside the office.
Not a lot of companies have red-team initiatives, but the companies that are really interested in protecting customer data do. In fact, red teaming was among the recommendations to help improve security in the aftermath of the 9/11 attacks. This growing trend is reflected in the recent book by Micah Zenko, “Red Team: How to Succeed by Thinking Like the Enemy”. He describes how red teaming is being used in government and industry to fight cyberattacks. To make the threat of cybercrime real to senior leaders, Zenko quotes Uptake’s own Chief Information Security Officer Nick Percoco, whose recommendation is to tell real, relatable stories instead of burying them in metrics and technical information. Instead of detailing the technical vulnerabilities of a mobile device, for example, Nick would explain, “Here’s exactly how I could steal your personal photos or download your calendar off your phone.”
The best red team hackers are flexible, innovative, and able to think on their toes. They are persistent, and have an unconventional mindset. They have to be able to look at a brand new product or technology and ask, “How can this be used in a way the creators never intended?”—kind of like looking at a microwave oven and wondering, “What would happen if I put metal in it instead of food?”
Both red and blue teams are needed to ensure ironclad security. At Uptake, the blue team develops policies that protect data in various ways. They set up systems for data segmentation and restricting user access, ensuring that no one within the company can touch what they aren’t authorized to use. The red team continually tests these systems and safeguards. Instead of hiring an outside firm to spot-check our systems from time to time, we constantly look for new ways to get around policies and break security. Because if we don’t, someone else will. And because human awareness and intervention are still the most important line of defense, we also conduct employee awareness exercises and mock attacks to help employees identify and stop phishing or social engineering attempts.
October is National Cybersecurity Awareness Month—a perfect time to ask yourself, “How secure is my organization’s data? Do we have a red team? Do our suppliers and vendors?” At Uptake, the security of our customers’ data is paramount. That’s why we count on the white-hat hackers of our red team to think like criminals for the benefit of the company and our customers.
Matthew Jakubowski is the Director of Hackers and Hunters at Uptake.