Red versus blue: the battle of IT security
Are you backing the right team?
When it comes to data security and protection, the common misconception is that New Zealand is ‘safe’ at the bottom of the world. While New Zealanders live a fairly sheltered existence south of the equator, unfortunately when it comes to cyberattacks, it’s not a matter of if – but when.
On Thursday 3rd October, security experts Advantage hosted an industry event – Red vs Blue team: which IT security team do you back? While you could be mistaken for thinking it was a foosball competition or military drill, the purpose of the event was to educate IT professionals working in small to medium-sized New Zealand businesses about the very real threat of cyberattacks – and how they can protect themselves.
“To think that we’re not a target is naïve,” says Advantage’s newly appointed regional executive Steve Smith. “In fact, that makes us a very easy target. We set up the event to show what the Red Team does in a good way, but also that there are people out there who follow and use the same techniques in a bad way – and they’re constantly trying to use brute-force attacks to hack networks around the world.”
Red Team: if your network was compromised, would you know?
Representing the ‘Red Team’ was Brett Moore from Insomnia Security. Since starting his company over a decade ago, Brett has performed hundreds of assessments for clients across a wide range of industries.
Red Teams work by simulating real-world network attacks, providing a realistic assessment of an organisation’s ability to protect against and respond to network breaches.
He explained how Red Teams differ from standard penetration testing by working towards meeting a goal or objective, making use of a wide range of tactics, techniques and procedures to leverage access into any part of a business. This simulated, controlled exercise gives security teams a chance to practice detecting and responding to an attack within a production environment.
“When engaging with a Red Team, you need to be open to setting minimal scoping restrictions. Anything goes with real attackers – so the Red Team needs the same freedom,” says Brett.
Blue team: don’t wait, be prepared
If the job of a Red Team is to break in, then it’s the job of a Blue Team to keep attackers out. Managing director at Advantage, Brad Pearpoint has 13 years’ experience in designing, implementing and maintaining critical infrastructure, and has been a key pillar of Advantage’s security services development.
Brad spoke to the value of having a Blue Team involved to monitor your networks 24/7, implementing the technologies, threat intelligence, people and processes to stop threats from coming in the door. And by the sounds of things, the Blue Team is needed now more than ever. For businesses in the APAC region, it takes on average 1000 days before a cybersecurity breach is found, often referred to as ‘dwell time’. That’s just under three years!
“New Zealand businesses kind of have their head in the sand but the reality is, it’s happening to organisations all the time – they just don’t know yet,” says Brad.
Privacy and GDPR changes
To round out the conversation, Richard Wells discussed the new privacy bill due to come into force in 2020. Richard is a commercial lawyer with more than 20 years’ experience in the technology, privacy, IP and media fields across several jurisdictions. He assists companies with their privacy compliance obligations and has helped companies manage, assess and respond to significant privacy breaches.
Richard also outlined the responsibilities of New Zealand companies to protect data and outline the process when data has been breached. He also discussed the new GDPR regulations being enforced overseas and the financial penalties that come with those regulations.
“In the lead-up to 2020, New Zealand businesses should be putting systems and processes in place to identify data breaches, having a clear, written plan, and implementing privacy risk assessment and ‘dashboarding’.”
Are you ready for a breach?
Steve has some final advice for businesses. While red is used to describe the ‘bad guys’ and the Blue Team defends, the most effective approach for SMEs and midmarket businesses is to allow the two teams to work together (or against each other, as the case may be).
“Don’t be afraid of investing in security – it’s not worth the financial repercussions or the bad publicity if you don’t,” says Steve. “People like you and I want to know that businesses are taking every precaution to ensure our data is secure.
“If your business doesn’t have the in-house skills to implement security measures, seek specialist help. This is what we do, and we can give you that peace of mind that someone is watching your network 24/7.”
More Red vs Blue events
Advantage will be hosting another event in this series shortly in Auckland and Wellington. The company has 35 years’ experience in the IT sector, starting out in 1984 manufacturing PCs for health boards, government agencies and commercial environments. In 2000, they transitioned to a service-based business as a systems integrator, then in 2008 opened a tier 3 datacentre in response to ‘the cloud’ and shared services. 2012 saw significant investment in security services and since then, the company has been focused on developing a unique external security service – tailored to suit businesses of all sizes.
To find out more and keep up to date with event dates, visit Advantage’s website.