Red Teams and Pen Testers take an adversarial stance to challenge organisations for one reason only – to get those organisations to change their practices, and raise their game to be ready for the threats that they will face from real attackers. This is harsh real-world learning for those organisations, albeit not as harsh as having to learn from real attacks from real threat actors.
At a technical level, the activities of Red Teams and Pen Testers lead to the exposure of vulnerabilities. Identifying and importantly, understanding these complex vulnerabilities then allows those responsible for the assets and processes to patch and upgrade their defences.
At the human level the process of clarifying and explaining an organisation’s vulnerabilities is that much harder. This is because attackers will use techniques and tactics that depend on concepts most people are unaware off. This is why their attacks work so well!
Artifice train professional Red Teams and Pen Testers to demonstrate, articulate and then mitigate the human dimension of an organisation’s vulnerabilities. Our system of deceptive thinking allows attackers to conceive courses of action that will successfully penetrate the defences of their clients. But most importantly, the Red Teams and Pen Testers will need to explain their clever attacks in terms that can be meaningfully understood by their clients. Then those clients must be able to plan mitigation strategies with that new insight. This is the fundamental purpose of taking an adversarial stance within the learning relationship. The Artifice System provides the professional lexicon to underpin these phases of vital organisational development. It lifts the dialogue and empowers the stakeholders accept and respond to vulnerabilities the Red Team attack process exposes.