Yesterday, I was asked what exactly RTEs are and why they are useful.
As I believe a good analogy is worth a thousand words, I tried to find one that can be understood by any layman. The vaccine principle struck me as the perfect one.
The principle of Red Team Exercises is to launch an attack against your organisation, much as a vaccine does to your body. The mechanisms used by the vaccine are exactly the same as those of the real virus, except that it doesn’t destroy or weaken your body. Instead, it allows your body to learn how to fight the virus so that it is better prepared when it faces the real deal.
That’s exactly what RTEs are about: boosting your company’s immune system by allowing your white cells (your security personnel) to learn how to fight the intruder.
How often have we heard that a risk assessment was extravagant because the system administrators thought the system was not so sensitive for the company’s business? How many times have we been told that a kind of attack was difficult to carry out, or that we had watched too many James Bond-like movies? That rarely happens after an RTE, as vague threats become concrete and evidenced. It allows your operational teams to better understand that the reality of this “war” against criminals is not about isolated risks but systemic risks. It is about preventing viruses from entering your body. Any breath, any wound, any contact with an external source can be the start of a chain of events that will lead to your infection. And sometimes, infection means death if you don’t treat it well and in time.
Just as there are as many vaccines as there are viruses, there are as many RTE scenarios as there are possible attacks and threats: cyber-attacks, credit-card fraud, identity fraud, espionage, theft, industrial espionage and so on.
So, what disease are you the most afraid of?