Skip to content
arrow-alt-circle-up icon

Cyber Incident Call

arrow-alt-circle-up icon

00800 1744 0000

arrow-alt-circle-up icon

Picture this: At 9:15 on a typical Thursday morning, a group of Northwave experts gather in your car park in disguise, ready for action. Disguised because they want to maintain the element of surprise for an upcoming simulated cyberattack. On your side, all the participants in the exercise - your crisis teams - have been lured to your office under false pretences. Unaware of what is about to happen, they find themselves in a room waiting for an important meeting with their CEO. Suddenly, their systems display a ransomware lock screen. We have just installed our fake ‘ransomware’. The unannounced, unexpected gold-teaming exercise has begun.

Gold Teaming is our most extensive and innovative Cyber Crisis Simulation, which combines the technical findings of Red Teaming with a Cyber Crisis Exercise to create an experience that reflects the reality of a cyberattack as closely as possible*. By pushing the boundaries of realism within a controlled environment, you eliminate abstract risk estimates and discover tangible results that reveal the damages your organisation could suffer from.

* Note: this blog is based upon our most extensive Gold Teaming variant, the semi-live simulation, which provides the most options and insights.


So, what is going on here?

In the weeks leading up to the exercise, our Red Teamers successfully simulate attacks on your company, based on attack patterns (Tactics, Techniques, and Procedures, TTPs) currently used by threat actors in the real-world. They take the role of a motivated attacker, and their goal is to identify vulnerabilities and escalate privileges within your organisation, to advance towards your crown jewels. Regardless of whether your crown jewels are intellectual property or your customers’ information, they dictate where an attacker can profit the most by compromising your organisation – this is exactly what our Red Teamers simulate. Based on the specific goal, they depict the technical attack path: exploiting vulnerabilities, acquiring administrative privileges, compromising numerous systems, including the backup system, gaining access to sensitive information, and simulating the exfiltration of this data.

Only a handful of people in your organisation know that our ethical hackers are in your network. Together with them, we select the day for the Gold Teaming and identify which employees should receive a ‘fake ransomware’ screen.

Once the initial shock of the ransomware screen has settled, participants are informed that they are in an exercise, and receive appropriate instructions. The exercise then unfolds in a controlled environment known as the ‘exercise bubble'. All the teams responsible for resolving the crisis participate: your Strategic Crisis Management Team, Tactical Team and Operational Incident Response Team. Additionally, even your Crisis Communication Team and most important stakeholders, such as an IT-supplier, could participate. These teams must manage a variety of simulated real-world challenges and dilemmas. Through phone calls, emails, and a realistic social media simulator, we bring the crisis and the rest of the scenario to life.

Simulated employees, customers, supply chain partners, regulatory authorities, the media, and other stakeholders start contacting the participants as the pressure keeps rising. Your employees are worried, customers get angry, the Data Protection Authority gets involved, negotiations with the threat actor start and a persistent journalist requests a statement. At the same time, your incident response team grapples with the technical side of the scenario, where the scale of encrypted systems, stolen files, the status of the backups and the root cause are based on the progress made by our ethical hackers in infiltrating your network. Throughout the exercise, our experienced Computer Emergency Response Team (EU-CERT) coordinators and crisis managers are on stand-by, ready to help the teams to resolve the crisis.


Why Gold Teaming matters

The core objective of Gold Teaming is to challenge your organisation with cyber security scenarios so realistic that they are virtually indistinguishable from genuine cyber threats, thereby enhancing your readiness to combat these cyber crises.

The distinguishing feature of Gold Teaming is its realistic and unexpected nature. The precision with which the Red Team’s findings form the technical basis of the crisis scenario, allows your organisation to experience the complexities of a legitimate cyberattack on its systems. The unexpected nature adds to this realistic experience, as it trains your people to become comfortable with the uncomfortable. Knowing what to expect during a cyber crisis helps with being mentally resilient in case a real cyber crisis strikes.

Moreover, one of the most challenging aspects within cyber security governance is bridging the gap between strategic management and technical cyber security specialists within an organisation. Aligning these distinct roles, fostering mutual understanding, and facilitating effective communication can pose a significant challenge, especially during crisis. Executing a Gold Teaming is an excellent way to connect these layers, because both teams are participating and sharing their experiences. Your strategic management is presented with the implications of the technical vulnerabilities within their organisation, while stressing the urgency in resolving them. This helps to gain a better understanding of the impact of successful exploitation on your business operations in an actionable manner. Simultaneously, cyber security specialists become aware of the information needs of their management, which are crucial for evaluating and managing a cyber crisis.

In short, Gold Teaming is a Cyber Crisis Exercise which is based on the findings of a Red Teaming. Combined, this realistic cyberattack- and crisis simulation tests both the technical measures in place and trains the behavioural and governance aspects of the crisis organisation. This is what sets Gold Teaming apart from other cyber crisis exercises.


How we help you

Prepare your organisation and increase its ability to effectively respond to and recover from cyberattacks by partnering up with us.

Northwave is your trusted partner for a Gold Teaming. What makes a Gold Teaming so effective is its integrated nature. Integration has been at the core of all of Northwave’s solutions since our founding in 2006.

Our years of experience in helping cybercrime victims have underscored the importance of safeguarding your business through a holistic approach. That is why we integrate the organisational (Business), technical (Bytes), and human (Behaviour) dimensions of cyber security into one approach. This enables us to seamlessly combine the necessary expertise to develop an all-encompassing Gold Teaming. We have ethical hackers, incident responders, crisis communication experts, business continuity managers, crisis managers, threat intelligence experts, experienced trainers, and educators all under one roof. We come together to be uniquely positioned as the best consultant, expert, and trainer for you.

We deal with cybercrime on a daily basis, both on the preventative side in our Security Operations Centre (SOC) as on the reactive side in our CERT. The insight we gain, combined with the research of our Cyber Threat Intelligence (CTI) team, provides us with a unique view on the precise Tactics, Techniques, and Procedures (TTPs) currently employed by threat actors in the real-world.

Though we firmly believe in the complete 360º approach of cyber security, every organisation is different. We anticipate your wishes and needs by providing a suitable Gold Teaming exercise for your organisation’s scope. We do not only provide full simulations, we also offer tabletops and walkthroughs that provide you with valuable insights.

Boost your organisation's readiness now and put your cyber security and resilience to the ultimate test!

You want to know more? Contact our expert:

Barry Visser

Sales Specialist Gold Teaming

Phone: +31 6 82067502

We are here for you

Combining the results of Red Teaming with a Crisis Exercise into the ultimate Cyberattack Simulation to test your organisation.