What Purple Teams Wish Companies Knew
Here are some of the easily avoidable mistakes most companies made last year, gleaned from hundreds of cybersecurity engagements by red and blue teams.
After analyzing and buttoning up hundreds of cybersecurity incidents in 2022, a group of purple team consultants compared notes to share five of the most common mistakes they've observed organizations make.
A purple team is a group of offensive cybersecurity professionals (red team) working in tandem with defending teams (blue team) to improve operations and mitigate threats.
Security assessment firm Lares has published purple-team findings showing that companies keep making the same five errors: bad event logging, a lack of offensive security knowledge, a codependent relationship with the security operations center (SOC), too great a reliance on tools, and excessive outsourcing. Organizations need to pay attention to critical log events so that they don't overlook signs of malicious activity, should not expect detection and response tools to find all bad actors, and should invest in their employees so they can learn and grow their security skills.
"To properly defend their organizations, security professionals need to be aware of the latest threats and how to respond," Andrew Hay, chief operating officer of Lares, said about the new report. "Security teams also need to be mindful of the potential issues that can arise from their defensive measures."