INTELLIGENT BRANDS // Enterprise Security

An overwhelming 64 % of respondents are employing Red Teaming in some capacity , whether building their own internal team , employing external resources or a combination .

Additionally , more than half say they will increase investment in the function over the next 12 – 24 months – with nearly a quarter reporting significant increases in Red Teaming .

“ We are approaching a tipping point in terms of organizational understanding that a wealth of external knowledge regarding the universe of active attackers , threats and vulnerabilities , is much less effective without truly understanding the specific risk and exposure dynamics in your own environment and assets ,” said Tom Eston , VP of Consulting and Cosmos for Bishop Fox .

“ The overwhelming message in this report is a move to ‘ full surface ’ offensive security investment . If organizations aren ’ t complementing their defensive security program with offensive testing they are , or will soon be , trailing the pack .”

The report surveys some 700 respondents in organizations that actively perform offensive security testing .

Nearly 70 % of the companies comprised organizations of 5,000 employees or more .

The report highlights how forward-leaning enterprises are taking matters in their own hands and leveraging attackers ’ tactics , techniques and procedures against themselves .

This enables them to identify weaknesses and close them down before threat actors discover them , as well as limit the scope of impact of any compromise that subverts defenses .

Other findings in the report include :

• The top three threats driving offensive security investments are ransomware ( 41 %), social engineering ( 40 %) and cloud vulnerabilities ( 39 %)

• More than half ( 52 %) say employing offensive testing is effective or highly effective in defending against the top three .

• Nearly half of organizations are planning to conduct Red Team exercises at least monthly , with 26 % planning to do so continuously

• More than half prioritize their Red Team exercises around tabletop exercises ( 63 %), ransomware readiness ( 55 %) and data breach scenarios ( 51 %)

• Internal Red Teams are already in place , or in planning stages , in 70 % of those surveyed

The success of offensive security in combating attacks is driving growth across all offensive security categories , an indication that the market tipping point is fast approaching . These indicators include :

• Growth in additional offensive security use cases in the last 18 months , including cloud migration ( 41 %), new app releases ( 40 %) and new technology adoption ( 44 %)

• Additionally , the business drivers that overlay the use cases include improving attack surface visibility ( 40 %), accelerating zero-day response ( 42 %) and meeting compliance and regulatory requirements ( 42 %)

• Finally , 62 % of respondents express confidence or high confidence in their ability to identify assets and exposures p

68 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com