Tricking cyber-criminals into revealing their presence is becoming an increasingly popular way to safeguard systems and data from attack.
Keep your friends close and your enemies closer. It’s a quote that’s been variously attributed to Chinese military general Sun Tzu, Machiavelli and Michael Corleone, The Godfather’s fictional mafia boss.
In today’s hyper-connected digital business environment, it can also be an effective defence strategy against the burgeoning threat posed by cyber-attackers.
Emerging ‘deception technology’ can give your adversaries the erroneous impression they are roaming freely across the network. Meanwhile, your security team has the opportunity to observe them up close, glean valuable intelligence about their modus operandi and, ultimately, defeat them.
The enemy at the gates – and all around
In 2019, there’s no shortage of adversaries for business Australia to be concerned about. A recent Cyber Security Review, led by the Department of the Prime Minister and Cabinet, found cyber-crime – think ransomware attacks, credential harvesting via malware and phishing attempts – was costing the economy up to $1 billion a year, in direct costs alone.
The Australian Criminal Intelligence Commission says the country is an attractive target for serious and organised crime syndicates, due to its wealth and high use of technology, and states the threat to individuals and organisations is serious and persistent.
PwC’s 2018 Global Economic Crime & Fraud Survey: Australian Report found cyber-crime was viewed by companies as the most disruptive economic crime du jour and their greatest external threat. Many spoke from bitter experience – almost half the Australian organisations surveyed said they had suffered a cyber-attack.
The cost of compromise can be crippling, as listed property valuation firm Landmark White found out in 2019. Two large-scale data breaches, which saw the personal details of more than 250,000 individuals posted on the dark web, left the company an estimated $8 million in the red and struggling to retain large customers and credibility.
New technology for a changing threat landscape
Against this backdrop, organisations can ill afford to be complacent about their security posture or assume traditional cyber-security measures will continue to answer.
‘Deception technology’ is a rapidly advancing defence strategy which is finding favour with enterprises, both small and large, that are seeking innovative ways to outwit old foes.
The term refers to the use of traps and decoys which resemble your genuine network and systems, including bogus files and simulated SCADA, IoT, and network infrastructure devices.
These decoys can run real operating systems and applications to match those of production assets; the object of the exercise being to fool hackers and cyber-criminals into thinking they’ve discovered an unsecured entry point into your enterprise.
Even the lightest engagement with a decoy triggers an alert and enables your security team to begin monitoring and recording the intruders’ behaviour, safely within the deception sandbox.
Meanwhile, your team is acquiring valuable intelligence about what adversaries are looking for and how they’re going about it. That’s information you can use to inform your security strategy and strengthen your defences against future incursions.
Early versions of honeypot deception technology were renowned for being difficult to manage and deploy. Machine learning has made deception technology extremely simple to deploy and operate. Additionally, only minimal time investment is needed for ongoing management, due to the accuracy and fidelity of the alerts. It is not uncommon to hear of overall operational time savings, thanks to automated analysis and incident response and to reductions in the time typically spent triaging an incident.
Not sure if it has a place in your security stack? Other organisations around the world are voting with their wallets. Research suggests the global market for the technology is growing at more than 15 per cent a year and will be worth $US2.09 billion by 2021.
Time to act
The threat posed by cyber-crime is real and rising and, as organisations continue to digitise, traditional perimeter-based cyber-security strategies will no longer be completely reliable or adequate. Cyber-attackers are notoriously nimble and adaptable, and it behoves businesses to mitigate the risk they pose, by exploring new strategies to identify and repel their advances. Luring adversaries into the open with deception technology can prevent them from gaining access to your critical IT data and assets and reduce the occurrence of disruptive and costly incidents your organisation can ill afford to weather.