Attackers capitalize on people’s carelessness and helpfulness to…
A man wearing a suit and carrying a briefcase enters the building, appearing to be extremely busy. He walks to reception and introduces himself as a consultant working for a well-known global company. He explains that he’s late for a very important meeting.
The consultant doesn’t have an ID badge. But he mentions two employees of the company that he agreed to meet. The man emphasizes that he’s already late for the meeting, and begs the receptionist to let him in.
The receptionist tries to call the employees that the consultant mentioned, but neither of them answers the phone. That’s no surprise – both are on a business trip on the other side of the globe. The consultant explains that there’s a large sum of money at stake. This explanation, and the implied consequences of delaying the meeting, intimidates the receptionist into letting the consultant into the building.
In reality, the man in a suit isn’t a business consultant. He’s a cyber security professional trying to break into the company’s information systems using any means necessary. This is what’s called a Red Team exercise: cyber security professionals test customer organizations by trying to find vulnerabilities that can lead to data breaches.
Even though the example above is fictional, our security experts use similar tactics in real Red Team drills. Made-up stories and disguises are useful tools for getting into buildings that would otherwise be closed to the public.
“To date, our cyber security professionals have a 100% success rate in Red Team drills,” says Janne Kauhanen from our Cyber Security Services unit.
This story is based on an article by the Finnish broadcasting company, YLE, published online on March 5, 2017.