How to use deception to gain the advantage over cyber-attackers
Deception plays an essential role in any game of strategy, providing an opportunity to trick the opponent into exposing their weaknesses and leaving themselves vulnerable. Given its successes, the application of deceptive techniques has been a mainstay of military tactics, sports playbooks, and gambling for millennia.
From tricking a unit of horsemen into overextending their charge to diverting a bomber squadron away from genuine targets, well-placed decoys have delivered powerful results in both offence and defence. Decoys, when paired with lures, can be indispensable in fooling an adversary into engaging or in misdirecting and slowing down their efforts.
When it comes to cyber security, deception has historically been exclusively the domain of the attacker. Almost every cyber-attack involves deceptive techniques to some degree, typically via social engineering tactics designed to trick a target into sharing their login credentials or downloading malware.
Attackers will also hide in plain sight, masked as actual users, to avoid detection.
Deception has placed the advantage with the attackers, as they have the luxury of taking their time researching targets and preparing their tactics.