More than 60% of security 'blue teams' struggle to stop the 'red'

19 Aug 2020

Red team and blue team exercises are a common way to run cyber adversary simulations, but it seems that the red teams may still end up on top.

New research from Exabeam found that 62% of blue teams (defenders) have trouble stopping their red team (attacker) counterparts, while only 37% are successful in catching the red team. Further, 7% say they never catch the red team at all.

The 307 respondents cite three key reasons for this lack of defence: threat detection, incident response and flexibility/openness to change while working remotely.

On average, organisations run red team simulation exercises every five months. Some 26% of organisations conduct exercises once a month, another quarter conduct exercises every 2-6 months, 32% conduct exercises every 7-11 months and 8% conduct exercises once a year. Seven percent don’t utilise red teams at all. Blue team exercises reflected similar percentages and averaged out to every six months.

This year, Exabeam found that many companies use the ‘purple team’ approach, in which the red and blue teams come from their own staff and work together to determine security preparedness. One-third run these simulations every 2-6 months, while 50% perform them every 7-11 months, and 12% report yearly tests. Only 7% do not have purple teams in place.

But are red and blue teams effective? According to the report, 92% of organisations leverage external red teams that have no prior knowledge of their internal security systems. This is to help their teams prepare for genuine attacks. Despite external contracting, 54% of respondents found internal and external red teams equally effective.

Organisations should heed warnings to constantly evaluate and adjust their security investments, particularly as today’s digital adversaries evolve at a rapid pace.

“These red team/blue team exercises can be valuable proof points when presenting budgetary and technological needs to the C-suite and board to help keep up with these changes. While there is always room for teams and security postures to mature, it is extremely encouraging that so many companies are regularly performing these tests to identify their weak spots and shore up their defences,” comments Exabeam chief security strategist Steve Moore.

Only 50% of polled organisations say they are increasing security investment and 30% are adding to their security infrastructure as a result of these exercises. Further, 17% are undertaking both measures, and only 2% say they have not changed their security tools or budget in response. 
