
Red Team Realities: Defending Hospitals to City Halls

When a Red Team targets critical infrastructure, the insights can be eye-opening. From hospitals protecting patient data to local governments safeguarding public services, these exercises reveal how attackers think — and where defenses can improve. Join Susie Evershed and Eric Esquivel as they share real-world stories, key lessons learned, and attacker tactics observed in the field. They’ll also discuss how Sophos Advisory Services helps organizations stay ahead by proactively strengthening their cyber defenses.



Video Summary: Inside the Sophos Red Team – How Offensive Security Testing Helps Organizations Prepare

00:05 Introduction
Welcome to our Cyber Shorts series with Sophos, a LinkedIn Live series designed to bring you insights into trending cybersecurity topics.
In this episode, we explore how red team testing helps organizations better understand and defend against real-world cyber threats. 


00:14 Meet the speakers
I’m Susie Evershed, joined by Eric Esquivel, Red Team Technical Lead for Sophos Advisory Services.
Today’s conversation takes a closer look at the Sophos Red Team and the work they do day to day.


00:31 What does the Sophos Red Team do?
The red team simulates real-world attacks against client environments, always with the client’s permission, to uncover the ways real threat actors could compromise the organization.
Their engagements span a wide range of sectors, from financial institutions to hospitals and government organizations.


01:27 Goal-based testing in healthcare
The team uses goal-based testing, which focuses on the outcomes that matter most to the client.
In healthcare, that can include ransomware, theft of patient data, disruption of building control systems, and attacks that affect critical hospital operations.


02:20 Cyber risks unique to hospitals
Hospitals face risks beyond a standard IT compromise, including threats to building management systems, backup power, oxygen supply systems, billing operations, and highly sensitive patient records.
These environments combine operational urgency with valuable data, which makes them especially high-impact targets.


03:08 Demonstrating real-world impact
In one hospital engagement, the red team compromised building control systems and accessed a fictitious patient record that had been created for the test.
Showing leadership what was actually possible helped demonstrate why stronger protections and further investment were needed.


04:20 Why hospitals are especially vulnerable to hackers
A key challenge in healthcare is urgency.
Hospital staff often need to act quickly, which makes them more susceptible to phishing and other social engineering attacks that exploit time pressure and the expectation that urgent requests will be complied with.


05:26 Beyond hospitals: critical infrastructure and municipalities
The conversation also expands to local government and critical infrastructure, including water systems, power generation, and municipal services.
These environments often rely on older technology, limited budgets, and highly interconnected networks, all of which increase risk.


06:21 How interconnected systems create risk
City halls, sheriff’s offices, jails, fire departments, and other municipal entities are often closely linked for operational reasons.
That same connectivity can allow attackers to move laterally across those environments once a single account or system has been compromised.


07:41 What IT and CISO clients get from a red team engagement
Red team testing does more than identify weaknesses.
It gives IT leaders, CISOs, and security teams the evidence they need to justify budget, staffing, tools, training, and other security improvements to executives and boards. 


09:02 A security partner, not a report card
The value of the engagement is not just a list of problems.
Clients gain a partner who can explain how the compromise happened, walk technical teams through the findings, and help translate those results into meaningful action. 


09:46 Why offensive testing matters
Offensive testing matters because it shows how defenses perform under realistic conditions.
It lets organizations validate whether their tools, alerts, and response processes actually work when a real attack begins.


10:23 Testing the full response process
These exercises reveal operational gaps that may otherwise go unnoticed, such as alerts going to the wrong person or important signals being missed entirely.
The goal is to test not only technology, but also people, processes, and readiness. 


11:16 Realistic simulation builds resilience
There is no better way to understand how an organization will respond to a real threat than by simulating one as closely as possible.
Red team testing provides that realistic view while also giving organizations the chance to ask questions, learn, and improve. 


11:41 Closing
Thank you for joining this Cyber Shorts episode.
Stay tuned for future episodes, and for more insights read our blog and follow our social channels.