When deception is a good thing
February 16, 2017
By Nick Mirabile, director of cybersecurity
In 2013, a pro-Assad group known as the Syrian Electronic Army hacked into the Associated Press’ Twitter account and broadcast a fake report about explosions at the White House. It caused the Dow Jones industrial average to drop nearly 150 points, erasing $136 billion in market value.
This is cyber deception in action. Cyber attackers have long embraced deception with tactics such as socially engineering help-desk employees to install Trojans or obtain users’ credentials. If deception can be used to attack, can it also be used in cyber defense?
The commercial world has been investigating and successfully employing these techniques. In the simplest terms, the technology creates a decoy network that tricks the adversary into thinking they’re gaining access to valuable information.
The goal of deploying deception to detect hackers is to change the underlying economics of hacking, making it more difficult, time-consuming and cost-prohibitive for infiltrators to attack. Realistically, there will always be attackers seeking to gain an advantage; the hacking problem cannot be solved, but it can be proactively managed.
This approach is different because it cuts down on the false positives often generated by traditional breach-detection solutions, and it allows network administrators to study the movements and strategies of an adversary inside what the adversary thinks is a real network.
Many organizations have a strong security perimeter composed of firewalls, IDS/IPS and end-point security solutions. But when an adversary has already bypassed these precautions and is inside an organization’s network, they’re typically only discovered after data has been compromised or as they’re causing harm.
By trapping the malware and studying the movements of an adversary in this decoy environment, the cybersecurity community is able to learn their strategies, provide contextual awareness of the threat and thus develop stronger, more accurate responses.
This deception technology is growing commercially among financial and health care institutions, as well as technology, energy and entertainment companies. The deception cybersecurity market is already valued at $12 billion and is expected to grow steadily at about 19 percent annually, according to MarketResearch.com.
So why do deception solutions make sense for government? The Trump administration hasn’t yet signed a cybersecurity executive order. But there are components of the draft order that speak to deception solutions. If signed, agencies will be required to provide recommendations on ways national security systems and public and private critical infrastructure can be better protected.
The draft order also calls for a report on the identities, capabilities and vulnerabilities of the most common cyber adversaries to U.S. interests. The ability of deception cybersecurity tools to study the movements and behaviors of adversaries within decoy networks could be particularly useful here.
One of the biggest challenges facing agencies is the shortage of cyber analysts. Because of their in-demand skills, they command higher salaries in the private sector, making it harder for agencies to recruit them. That shortage makes it harder to cope with the high number of breach alerts created by legacy security products, which is too much for an understaffed workforce to keep up with. Deception technology allows analysts to prioritize the critical alerts and not waste time with false positives.
The second major challenge is how many intruders are hitting government agencies, especially with financial and espionage motives. Breaches with those motives represented a staggering 89 percent of all breaches last year, with most of those hitting government agencies. Agencies reported 31 cyber-espionage infiltrations last year, according to Verizon’s 2016 Data Breach Investigations Report. Another disturbing trend was the fact that government accounted for the highest number of security incidents by far in 2015, with more than 47,000.
If the federal government wants to take its cybersecurity strategy up a notch, it should look at this type of solution. A handful of companies are talking to government about deception solutions and we expect more to enter the market as the threat becomes even harder to manage. Resellers and systems integrators should start adding deception to their cyber offerings.