Using the same techniques as criminal hackers, Tradecraft helps clients discover and fix vulnerabilities, taking a holistic view across their entire organisation’s attack surface. Current clients include Raspberry Pi and Barnardo’s, and a variety of startups at various stages of growth.
Tradecraft’s team of ethical hackers explore different ways to break into clients’ systems, providing an attacker’s perspective on their security operations. This gives organisations tangible information about the strength of their security, allowing them to develop and improve their security capabilities in response to real threats.
Harry Metcalfe, co-founder and CEO of Tradecraft, explains: “Most companies want to assure their customers that they take security seriously. But few have a good operational understanding of how attackers work. We find that organisations are often vulnerable in ways they don’t expect. Sometimes the door is left open for hackers to exploit seemingly low-priority vulnerabilities in high-impact ways.”
Tradecraft’s approach complements the broad risk management strategies employed throughout many organisations by taking a more targeted view that identifies specific vulnerabilities, and then remaining with clients for the long term to help them fix those vulnerabilities strategically. This helps clients make transformative improvements, not just place a tick in a compliance checkbox.
Harry adds: “While managing risk is important, it won’t make companies secure by itself. We find the traditional risk management approach often falls short when applied to security. It’s not designed for environments where organisations are up against a human entity that’s actively working against them and undermining their decisions. Instead of carrying out penetration tests that target particular systems, we simulate the adversary, working in the widest scope possible to exploit vulnerabilities, achieve breaches and work with clients over the long term to fix the problems we find.”
Working alongside the risk assessment process, Tradecraft focuses on finding the issues that lurk in the shadows, identifying the blind spots that contain the most serious vulnerabilities and have the biggest impact.
“Sophisticated security is not only for larger organisations,” Harry concludes. “Building security capabilities at the start-up stage is important, before organisations begin to scale. It’s much easier to fix security vulnerabilities for ten users than it is for 10,000. When it comes to security, it’s always best to hope for the best but prepare for the worst, and there’s nearly always something you can be doing to improve.”