The most dangerous attack vector is the human.

Red Team

Only 32% of Swiss SMEs train their employees regularly in cybersecurity. Only 30% have an emergency plan. We simulate realistic attacks, measure the weaknesses and close them systematically.

Why Technology Alone Isn't Enough

Most successful attacks don't start with a technical exploit. They start with a phishing email, a spoofed phone call or a USB stick in the parking lot. Firewalls and EDR solutions do little against this attack vector when the target is an employee who clicks a link.

The consequence: employees don't recognise phishing emails, report incidents too late or not at all, and in an emergency there's no rehearsed procedure. This isn't individual failure, it's an organisational problem.

We simulate the attacks that real attackers would use, measure how your team responds, and train the gaps. Not with generic presentations, but with scenarios from real incidents.

Our Approach

Phase 01

Scoping & Goal Definition

Joint definition of scope, goals and escalation paths. What should be measured: click rates, reporting behaviour, physical access? What's off-limits? Everything is agreed in writing.

Phase 02

Simulation or Campaign

Execution of the agreed measure: red team operation, targeted phishing campaign or social engineering scenario. Realistic, controlled, traceable.

Phase 03

Measurement & Analysis

Collection of results: click rates, credential submissions, reporting rates, access points. No punishment of employees, but a data basis for targeted training.

Phase 04

Report & Briefing

Technical report with findings, metrics and comparison to industry benchmarks. Briefing for management and optionally directly for affected teams.

Phase 05

Training & Awareness

Workshop with real examples from the campaign. Your team learns to recognise threats because they've experienced them. Not because they saw a slide.

What You Receive

Campaign Report

Complete documentation of the simulation: approach, findings, click rates, reporting behaviour and recommendations.

Risk-Based Prioritisation

Which departments, roles or processes are most exposed? The basis for targeted measures.

Management Briefing

Compact summary for management: risk posture, key findings, recommended actions.

Awareness Workshop

Hands-on workshop based on campaign results. Scenarios from your own company, no generic examples.

Retest After Training

Optional: follow-up campaign after training to measure progress and document effectiveness.

Common Questions

Are employees punished for clicking a phishing link?

No, and this is crucial for the measure's success. Phishing simulations only work when employees aren't afraid of consequences. We collect anonymised aggregate data and use results exclusively for targeted training. Those who clicked learn why, without being identified.

What is the scope of a red team operation?

A red team operation simulates a comprehensive attack on your company: physical access, social engineering, network intrusion, data exfiltration. Scope and boundaries are defined in writing with you beforehand. What's not in scope is not attacked.

How often should we run such simulations?

For phishing campaigns, we recommend two to four per year, as attacker tactics change rapidly and regular practice maintains vigilance. Red team operations are typically annual engagements. The right rhythm depends on your risk profile and industry.

What's in the final report?

The report contains: scope and approach, complete finding documentation with reproduction steps, campaign metrics (click rates, reporting rates), comparison to industry benchmarks, prioritised recommendations and an executive summary for management.

Plan a Simulation

We discuss scope and goals in a free initial consultation. No standard programme, but tailored to your company.

Request a Simulation

On request

Price depends on simulation type, company size and scope. Phishing campaigns from CHF 1,500.