Banking Dive: Banks engage in self-hacks to keep defenses sharp
On Mar. 9, 2020, NetSPI President and COO Aaron Shilts was featured in Banking Dive.
The next level of self-hack is conducted at a more enterprise level, called red team testing.
There are a few variations of the approach. In one, red-team testers adopt the tactics of a specific, known threat actor and try to achieve a specific objective against a chosen target.
Red teaming is typically done by banks that are at a higher level of security maturity overall, said Wong.
The value of penetration testing over simply using scanning software is that you’re adding humans to the mix, said Aaron Shilts, president and COO of vulnerability assessment firm NetSPI.
“If we were bad guys, you know, what would we use to get in?” Shilts told ABA. “How could we get in? What do their defenses really look like? With limited information, it’s kind of a good way to simulate how accessible the crown jewels are from the outside.”
Read the full article here.