Sense of Security talks red teaming, DevSecOps and “box ticking”

Australian organisations have fallen into the trap of being cybersecurity ‘box tickers’ as a result of commoditised penetration testing for risk audit purposes. Every year, businesses conduct the same test and get the same results. Whilst businesses fall into this lazy routine, cyber criminals are getting more sophisticated in their approach and the ways they break into networks. They are moving away from targeting systems they know go through rigorous testing, instead focusing on the master key that unlocks the door – us.

This is why, if for no other reason, businesses should go beyond box-ticking and actually think about where they are susceptible to attacks – whether through social engineering, physical breaches, mobile devices or IoT.

You can no longer rely on the fact that you’ve ticked boxes. By experiencing a simulated cyber-attack, you gain a wider and deeper understanding of potential adversary options, including threat actor behaviours that may never have been previously considered, such as exploiting a partner’s or contractor’s network.

We spoke with Security Brief about how Australians have fallen into the trap of being cybersecurity “box tickers”.