When considering an organisation's digital security, it is commonplace for workers to take into account common features such as password strength and regular updates of antivirus software.
While these certainly help to form part of a strong security plan, these components do not constitute a complete suite of protection.
This is because malicious parties are constantly evolving the way they seek out information that can be used in a penetration attack.
As an example, the 2012 Threat Report by Websense Security Labs analysed over 200,000 smartphone apps and found what it calls "a noticeable percentage" of the mobile programs were containing elements of malware and non-essential permissions.
The report states: "The popularity of mobile devices is creating a large target installed base and cybercrime is actively innovating to harvest information for profit."
On top of this, researchers found that 51 per cent of mobile users turn off password permissions and security protections on their devices – making a lost or stolen phone a valuable commodity for malicious parties.
This is just one of the avenues that red cell testing teams could use when helping to examine possible exploitation routes – making use of the same methodologies and processes as real-world hackers and data thieves, but without the danger of losing control of proprietary information.