When is a duck not a duck?
Machiavelli famously advised “Never attempt to win by force what can be won by deception,” and this is often the mantra of the cybercriminal. The art of deception is by far the most effective weapon in the cyberattacker’s arsenal, posing a greater threat than any single piece of advanced malware or secret software vulnerability, writes Carolyn Crandall, Chief Deception Officer at cybersecurity threat detection product company Attivo Networks.
Whether phishing their victim for credentials or tricking them into downloading malware, criminals depend on their ability to deceive their victims into interacting with them. Cyber deception is exceedingly one-sided, with attackers able to research and plan at their leisure while defenders can only prepare and anticipate an eventual attack. However, with the right technology, an organisation can turn the tables and use a cybercriminal’s own deceptive techniques against them.
Deceiving the deceivers
While offensive cyber deception is usually based around the attacker impersonating a trusted individual, defensive deception involves establishing a convincing false environment. When done correctly, the attacker will waste their time and resources going after a ‘useless’ decoy. In the best-case scenario, the attacker may give up entirely, but even the most tenacious adversaries will still end up operating significantly slower than normal, as well as giving ample warning to the security team about their activities.