Testing, testing, testing: Why Red Teaming is a must for every CISO
It is vital that every CISO can offer a clear picture of how their security is really holding up against the latest tactics, techniques, and procedures.
A red team exercise may not even need to exploit any technology-related vulnerability; rather, testers can rely on social engineering, phishing, or identifying shadow IT as an entry point.
With the knowledge gained from a red team exercise, the CISO can prioritize improvement programs to act effectively against real-life risks, spotting left-field gaps that would otherwise be missed in a standard pen-test.
Of course, the CISO will certainly be under considerable pressure to quickly mitigate the most severe risks, and IT transformation doesn't happen quickly.
CISOs should aim to first address the easy wins to immediately bolster security, and then also consider adding preconfigured network-based threat detection and mitigation capability.
By testing to the nth degree, CISOs can both reduce their risk and identify the most impactful ways to improve their security.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/05/why_red_teaming_is_a_must/