Skip to content

Trending tags

This is how a hacker can lure you into exposing your company to attacks

Taija Merisalo

22.03.17 2 min. read

red teaming, red team, red teaming test

 

Attackers capitalize on people’s carelessness and helpfulness to…

 

A man wearing a suit and carrying a briefcase enters the building, appearing to be extremely busy. He walks to reception and introduces himself as a consultant working for a well-known global company. He explains that he’s late for a very important meeting.

The consultant doesn’t have an ID badge. But he mentions two employees of the company that he agreed to meet. The man emphasizes that he’s already late for the meeting, and begs the receptionist to let him in.

The receptionist tries to call the employees that the consultant mentioned, but neither of them answers the phone. That’s no surprise – both are on a business trip on the other side of the globe. The consultant explains that there’s a large sum of money at stake. This explanation, and the implied consequences of delaying the meeting, intimidates the receptionist into letting the consultant in the building.

In reality, the man in a suit isn’t a business consultant. He’s a cyber security professional trying to break into the company’s information systems using any means necessary. It’s what’s called a Red Team – an exercise where cyber security professionals test customer organizations by trying to find vulnerabilities that can lead to data breaches.

Even though the example above is fictional, our security experts use similar tactics in real Red Team drills. Made-up stories and disguises are useful tools to access buildings that would otherwise be restricted to the public.

“To date, our cyber security professionals have a 100% success rate in Red Team drills,” says Janne Kauhanen from our Cyber Security Services unit.

Read the full story

This story is based on an article by the Finnish broadcasting company, YLE, published online on March 5, 2017.

Let us in. Keep them out.

Considering a Red Team exercise? Find more information here or contact us:

Taija Merisalo

22.03.17 2 min. read

Categories

Leave a comment

Oops! There was an error posting your comment. Please try again.

Thanks for participating! Your comment will appear once it's approved.

Posting comment...

Your email address will not be published. Required fields are marked *

Related posts

Newsletter modal

Thank you for your interest towards F-Secure newsletter. You will shortly get an email to confirm the subscription.

Gated Content modal

Congratulations – You can now access the content by clicking the button below.