Stopping Breaches with Purple Teams

by Jennifer Arcuri, CEO, Hacker.House

Breaches and Data Theft on an Explosive Rise

More than 11 billion records have been stolen by cyber criminals, and the numbers keep growing, while the cyber defenders in corporations and governments remain poorly skilled and poorly trained at handling the problem.

Source:  www.privacyrights.org


The reaction of companies and governments was to create:

> Red Teams (penetration testers, internal hacking team)

> Blue Teams (IT helpdesk/system patchers/backup-and-restore staff and basic security tool managers).

Red Teams

A red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were foreign world leaders. Formal doctrine, i.e. military publications on red teaming, exists.

Private businesses, especially those heavily invested as government and defense contractors such as IBM and SAIC, and US government agencies such as the CIA, have long used red teams. Red teams in the United States armed forces were used much more frequently after a 2003 Defense Science Review Board recommended them to help prevent the shortcomings that led up to the attacks of September 11, 2001. The U.S. Army then stood up a service-level red team, the Army Directed Studies Office, in 2004. This was the first service-level red team and until 2011 was the largest in the Department of Defense (DoD). (Source: Wikipedia)

Blue Teams

A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation.  (Source: Wikipedia)

Major Failure – Hence the Growth in Breaches and Data Loss

These teams failed to work well together, creating animosity, finger pointing and internal chaos, and continuing to leave doors wide open. In fact:

  • High street training courses are made up of theory and do not prepare students effectively.
  • Training courses taught within educational facilities do not teach the latest cutting-edge attacks and mitigation techniques, so they neither prepare students to be competitive nor give them the tools necessary to succeed in industry.
  • Employers need real skills, not just theory-based knowledge.
  • Not every student needs to do a four-year degree in order to get skills for employment.
  • Cyber security now demands “purple skills”: a mixture of red and blue teaming.

Purple Teaming

The concept is simple, and an obvious answer to the explosive growth in breaches and data loss: a single team of experts takes on the role of both the red team and the blue team, with the intention of providing a stronger, deeper assurance activity that delivers more value to the organization.


This enables traditional Blue Team IT staff to understand how the underlying vulnerabilities are exploited by hackers (and Red Teams), whether they are published Common Vulnerabilities and Exposures (CVEs, see http://nvd.nist.gov) or software development flaws, and how those exploits fit into the adversary tactics and techniques catalogued in MITRE ATT&CK™, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge (see http://attack.mitre.org).
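The practical payoff of putting red and blue activity on the same ATT&CK vocabulary is that the two sides can be compared directly. The script below is an added example (it is not code from the article or from Hacker.House): each red-team action in a purple-team exercise is tagged with the ATT&CK technique it emulates, the blue team's detection rules are tagged the same way and run over the telemetry the exercise produced, and the result is a coverage list that separates techniques that were detected from those where a rule exists but never fired and those with no rule at all. The technique IDs are real ATT&CK identifiers; the log format, hostnames, users, IP addresses and rule names are constructed for the example.

```python
import re
from dataclasses import dataclass

# Red-team actions from the exercise, each tagged with the ATT&CK technique it
# emulates. The technique IDs are real ATT&CK IDs; the descriptions are ours.
RED_ACTIONS = [
    ("T1059.001", "Encoded PowerShell download cradle"),
    ("T1003.001", "LSASS memory dump with a renamed procdump"),
    ("T1110.001", "Password guessing against the VPN portal"),
    ("T1053.005", "Scheduled task created for persistence"),
]

# Constructed telemetry: the lines the blue team's SIEM would hold after the
# red team ran the actions above (hostnames, users and IPs are invented).
TELEMETRY = """\
2019-08-20T09:01:12Z host=WS042 event=process_create image=powershell.exe cmdline="powershell -nop -w hidden -enc SQBFAFgA"
2019-08-20T09:03:45Z host=WS042 event=process_access target=lsass.exe source=pd.exe access=0x1fffff
2019-08-20T09:05:02Z host=VPN01 event=auth_failure user=jsmith src=203.0.113.7
2019-08-20T09:05:03Z host=VPN01 event=auth_failure user=jsmith src=203.0.113.7
2019-08-20T09:05:04Z host=VPN01 event=auth_failure user=jsmith src=203.0.113.7
2019-08-20T09:07:30Z host=WS042 event=process_create image=schtasks.exe cmdline="schtasks /create /sc onlogon /tn Updater /tr C:\\Users\\Public\\u.exe"
"""


@dataclass
class Rule:
    name: str
    technique: str        # ATT&CK technique ID the rule is meant to catch
    pattern: re.Pattern
    threshold: int = 1    # matching lines needed before the rule fires


# The blue team's detection rules (constructed), written against the same
# technique IDs so red activity and blue coverage can be compared directly.
RULES = [
    Rule("Encoded PowerShell command line", "T1059.001",
         re.compile(r"image=powershell\.exe .*\s-enc\b", re.IGNORECASE)),
    Rule("LSASS handle opened by unexpected process", "T1003.001",
         re.compile(r"event=process_access target=lsass\.exe "
                    r"source=(?!csrss\.exe|wininit\.exe|lsass\.exe)")),
    # Tuned for production noise: fires only after five failures in the window,
    # so a slow guessing campaign slips under it.
    Rule("VPN authentication failure burst", "T1110.001",
         re.compile(r"host=VPN01 event=auth_failure"), threshold=5),
]


def evaluate(telemetry, rules, actions):
    """Return {technique_id: status} for every red-team action.

    detected - a blue rule mapped to the technique fired on the telemetry
    missed   - a rule exists but its threshold was not reached
    no_rule  - the blue team has no rule mapped to the technique at all
    """
    counts = {}
    for line in telemetry.splitlines():
        for rule in rules:
            if rule.pattern.search(line):
                counts[rule.name] = counts.get(rule.name, 0) + 1

    status = {}
    for technique, _description in actions:
        candidates = [r for r in rules if r.technique == technique]
        if not candidates:
            status[technique] = "no_rule"
        elif any(counts.get(r.name, 0) >= r.threshold for r in candidates):
            status[technique] = "detected"
        else:
            status[technique] = "missed"
    return status


def gaps(status):
    """Techniques the blue team still has to work on, sorted by ID."""
    return sorted(t for t, s in status.items() if s != "detected")


def report(status, actions):
    """One line per red action: technique, outcome, what the red team did."""
    return "\n".join(f"{t:<10} {status[t]:<9} {d}" for t, d in actions)


if __name__ == "__main__":
    result = evaluate(TELEMETRY, RULES, RED_ACTIONS)
    print(report(result, RED_ACTIONS))
    print("gaps:", gaps(result))
```

Running it shows the two outcomes a purple team is looking for beyond a plain pass: T1110.001 is "missed" because the brute-force rule's threshold of five is higher than the three failures the red team actually generated, which is a tuning problem the blue team can fix the same afternoon, and T1053.005 is "no_rule", a detection that has to be written from scratch. Either finding is only possible because both sides labelled their work with the same technique IDs.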

In addition, Purple Teams are better placed to ‘turn on the Human Firewall’ because they are educated in the common social engineering methods used by cyber criminals and malicious insiders: phishing, watering holes, whaling, smishing (phishing by SMS) and vishing (phishing by voice call).

The best way to close the skills gap for any Red or Blue Team is to merge them into a single Purple Team and have every member gain the necessary skills and understanding through cross-pollination across information technology, software development lifecycles, social engineering, penetration testing, vulnerability management, patching, and system configuration and hardening to standards such as the DISA STIGs, while keeping the entire team operating as if a breach could happen at any moment.

It’s not “IF” we will get exploited, it’s “WHEN”, so assume “WHEN” is right now. How will you react? If you are Purple Teaming, you are now one step ahead of the next threat, because you have merged the ‘I can break into anything’ talent pool with the ‘I can fix anything’ talent on the network. Add the people dimension, especially social engineering training, and you have turned on your Human Firewall: employees ready and engaged to look out for the latest threat, and a Purple Team to back them up.

How to Start

At Hacker.House we’ve made the process much easier for you by creating an online enterprise training portal that takes Red Team members into the next phase of their penetration testing skillset and, at the same time, makes Blue Team members much more aware of how the company is being, or will be, exploited. Putting both teams through our training will build a Purple Team foundation for your organization swiftly and cost-effectively. Check us out and take advantage of our summer special, currently only $990 per student (https://hacker.house/training/): learn at your own pace and build your Purple Team today.

About the Author

Jennifer is the CEO and Co-founder of Hacker House and Inno-Tech Network, a video producer, serial entrepreneur, and Cyber Security Ethical Hacker. She has also been named one of the Top 25 Women in Cybersecurity. She is experienced in information security, fund raising, social media, e-commerce, social commerce, website development, idea/brand development and implementation, mobile development/marketing, effective presentation and negotiating skills, creative problem solving, improvising and efficiency, and has highly enthusiastic networks of professionals, particularly entrepreneurs and investors in cyber security, entertainment, media, and tech-based clusters in London, Newcastle, Oxford, Cambridge, Los Angeles, New York, SF, Silicon Valley, across the ASEAN region, the Middle East, South Africa, Scandinavia, and most of Europe. Hacker House was created to close the cyber security skills gap quickly, efficiently and effectively. Taught by world-renowned ethical hackers, our students are plunged head-first into real-world cyber-attack simulations and assessed across a variety of practical assignments that cover every angle. In short, we teach students how to think, act and move like a hacker, and then outmaneuver them. Learn more at https://hacker.house

August 20, 2019
