By Carolyn Crandall, Chief Deception Officer at Attivo Networks – Deceiving the enemy into believing one is stronger than one actually is, manipulating them into taking self-defeating actions or tricking them into believing the costs of a military raid outweigh the spoils of victory, are tactics repeatedly used in warfare throughout history.
The objectives of deception are to derail the attack, confuse attackers, and motivate them to disengage or reconsider whether to attack at all when confronted by an opponent who seems more formidable than they first appear.
Such a strategy applies equally to the cybersecurity world. While some adversaries are highly-funded nation-state attackers, many threat actors are simply opportunists. They prefer to prey on targets they think are weak or are easy paths to a pay-out. This wide variety of attackers is increasingly driving organizations to turn to deception techniques. The aim is to confuse threat actors so they can no longer trust what they see or the information their attack tools feed to them. The idea is to increase the complexity associated with the attack such that attackers cannot easily advance their attack and leave empty-handed.
Deception technology essentially booby traps the network so that attackers can no longer tell real from fake and, in turn, end up making mistakes that reveal their presence. Advanced deception technologies can go as far as detecting based on the mere act of an attacker’s observation and feeding them false data that manipulate their future actions in favour of the defender.