We wake up, make breakfast, get our kids ready for school, drive to our workplace, break into the chief financial officer's inbox and steal the company's entire employee tax records.
For red teams or offensive security researchers, that is just another day at work.
An offensive security team consists of skilled hackers who are allowed to search for vulnerabilities in a company's systems and networks, as well as in its employees. By being hacked from within, the company can understand much better where it actually needs to reinforce its defenses to stop a real hacker in the future. However, social engineering, where the hackers essentially manipulate their targets, will have severe consequences for the target. Though a red team engagement is authorized and legal, the ethics of specific efforts and attacks can go unconsidered.
A newly released study looks at the ethics involved in offensive security engagements. The findings reveal that security professionals, such as red teamers and incident responders, were likely to find it ethically acceptable to carry out particular kinds of hacking activities on other people. The research is a survey of more than 500 people working in both non-security and security positions, and it is being presented for the first time at ShmooCon 2020 in Washington DC this week. It found that non-security professionals, such as employees working in human resources or at the reception desk, are 9 times more likely than security professionals to object to receiving several phishing emails as part of a red team engagement.