"Find a trusted advisor to help you screen consulting firms to find out of they are the real deal for hybrid IT / physical assessments. Military? That's good. What did they do there? Does that experience tie in? Recon experience is good, recon with tactical entry is better," Gangwer said.
In the end the Barclays heist was a textbook example of a hybrid attack, and one that could have been prevented.
"This is how criminals do it. No holds barred. That's why the security consulting world needs to get serious," Rook's CEO, J.J. Thompson told CSO.
"The days of half-baked intrusion plans and utilizing people with no real-world experience to rattle doorknobs is over. Real security is dirty. Hire consultants who get it, then get out of their way and let them get dirty."