Don't get stuck in a honeypot

Honeypots have been around for years and are a tried and tested cybersecurity mechanism. By creating a fake environment with attractive assets, organizations use honeypots to lure attackers into a trap where their actions can be studied and learned from to improve cybersecurity measures. Simultaneously, they are protecting the business’ real assets by preoccupying the attacker with the decoys.

However, honeypots have a narrow field of view as the only activity that they detect is those that target them directly. If an attacker gains access to a network, but not through the honeypot, the business would be none the wiser. It is, therefore, crucial to have more than one honeypot -- a honeynet -- to make it effective. Yet, honeypots are very time-consuming to apply as they need to be installed in networks and systems in data centers. It can take as long as an hour to install just one and it lacks any level of scalability.

First developed before the millennium, honeypots have been around for over 20 years. So, it's about time we embrace the latest cybersecurity technologies and don’t get stuck in the honeypots.

Introducing cyber deception

Bringing the honeypot concept into 2023, cyber deception is an emerging cybersecurity technology hosted in an automated, cloud-based platform. By creating virtual decoys that look like real assets, cyber deception technology aims to lure cybercriminals towards the fake asset. But, unlike honeypots, these threat sensors are designed to actively engage bad actors, rather than simply trap them for observation and to learn from their actions. Once a fake asset is touched, an immediate alert is sent to security teams who can take actions and isolate the asset. With response time significantly reduced, cybercriminals are far less likely to get into any real systems.

Not restricted to the outer edges of a network, cyber deception can detect when hackers are within the system and help to fix cybersecurity gaps in real time. For this reason, cyber deception is an early detection system, not just a defense mechanism, allowing for a more proactive approach to cybersecurity.

Based on SaaS threat sensor technology, cyber deception defenses are also far more scalable with the potential to deploy a number of decoys in seconds. The speed of deployment is key to the efficacy of the technology -- the more fake assets in the environment, the more likely an attacker is to touch a decoy than a real asset.

The scalability also allows for a number of different decoys to be created. Replicating decoys that are attractive to attackers is key. They will be looking for the path of least resistance, so creating fake legacy systems -- which are typically easy to get into -- and assets that aren’t typically protected, such as printers and smart light bulbs and switches, are likely to attract attackers and allow businesses to detect them quicker. Crucially, these fake assets are invisible to legitimate users and systems so it is only those with unauthorized access that can touch them. This avoids alert fatigue and increases confidence in the technology as false positives are avoided.

Don’t get stuck -- be unstoppable

There has never been a better time to take action and reinvent your cybersecurity strategy. In 2022, 146 billion cyber-threats were detected across the world, a rise of 55 percent compared to the previous year. And, with the annual cost of cybercrime predicted to reach over £6.5 trillion in 2023, we can only expect the volume and sophistication of cyber attacks to continue growing.

It’s no longer a question of whether an attacker will gain access to your environment -- it is almost inevitable -- so you must be prepared for when it does happen. Taking a proactive approach to cybersecurity with an early detection system is key to reducing the number of genuine attacks and protecting company and customer data.

In an increasingly challenging environment, where cybercriminals are now sophisticated businessmen, earning money, hiring employees, and building empires through their activities, cybersecurity is undoubtedly a priority for all businesses. But, it is no longer enough for organizations to simply react to an attack once they get hit. We must be one step ahead of cybercriminals and cyber deception technology provides the power to become the manipulator, rather than manipulated.

Image Credit: Wayne Williams

Jason Gerrard is Director of International Systems Engineering at Commvault.