- Red Team
- Security Awareness Campaign
Key challenges
A national workers' union asked for our support to verify existing security measures and improve security awareness amongst employees.
The union operates multiple professional centres, organised by sector of activity and spread all over Belgium. The challenge was to bring together all the required expertise while staying flexible enough to travel to every location in a short time span.
Our approach
We proposed and executed a Red Team Engagement to better understand the existing security measures in place, with an increased focus on finding weak links in general awareness. This was followed by a security awareness campaign that tackled the discovered gap. The flexibility of our team allowed simultaneous and efficient testing across all locations.
Red Team Engagement
- We assembled a list of targetable domains and applications and agreed with the client which could be candidates for extensive security testing.
- On top of having a “real-world” security intrusion scenario, we provided the customer with recommendations on how to improve and go beyond, based on the findings discovered in our testing phase.
- We delivered a report which gave the customer insight into the issues that needed to be remediated, together with suggestions and recommendations.
Security Awareness Campaign
- We created awareness posters (in French, Dutch and English) meant to be printed, sent by mail or shared internally. A written validation regarding the support of the client will be asked each time to ensure our quality.
- We organized training sessions, carried out as a full-day workshop every few weeks for a predefined number of months.
- We gathered feedback through surveys sent to every participant and measured the quality of the awareness sessions, with the goal of improving future sessions.
Benefits
The results of the Red Team Assessment were the following. We have successfully:
- Identified and protected the customer’s most critical assets
- Uncovered security flaws that could not have been detected with a traditional penetration test
- Provided an evidence-based risk profile and an actionable plan for improvement at the management and board levels
- Assessed the potential cost of a breach to the organisation versus the ease with which an attacker could break into the organisation with a successful cyber attack
- Tested the employees' ability to detect, avoid and report a social engineering attempt by submitting support tickets