Large enterprises and organisations regularly conduct these exercises (which is good). Unfortunately the defenders aren’t doing a good job of stopping the attackers. This is why I got into promoting cyber deception as a way of detecting attackers moving laterally around an organisation…:
A new study from Exabeam has revealed that more than one-third of security professionals say their defensive blue teams fail to catch offensive red teams.
The survey also showed that 68% find red team exercises more effective than blue team testing, and more companies are practicing red over blue team testing.
As cyber-attacks become increasingly sophisticated and hacking techniques more highly targeted, organisations must learn how digital adversaries think in order to identify gaps in their security programmes.
Red teams consist of internal or hired external security professionals who emulate cybercriminals' behaviours and tactics to gauge the effectiveness of the company's current security technologies.
Blue teams consist of the organisation’s internal security personnel, tasked with stopping the simulated attacks.
In these test scenarios, the blue team must react without preparation, to give the company the most realistic picture of its defensive capabilities.
The study showed that 72% of respondent organisations conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% bi-annually.
Only 2% say they always stop the red team, emphasising that organisations must constantly evaluate and adjust their security investments to keep up with today’s adversaries.