The art of deception in cybersecurity

I’ve been working in the cybersecurity space for the past 18 months. I’m no expert on the matter, but I do know about corporate relationships and selling to big companies. I spend my time working on a smart development in the deception technology space. These are a few lessons I’ve learnt:  

- The levels of skills are not what they should be. Many companies have substandard security policies and poorly configured defence technology.
- Network security is usually a grudge purchase.
- There’s a lack of maturity about risk with a matching under-investment in cybersecurity.
- Many people are not concerned about cybersecurity, saying, “We are okay, we haven’t had any problems.”

Most global corporate efforts on cybersecurity have centred around securing the perimeter. But considering that most attacks come from inside organisations, corporate mindsets are now slowly evolving to include internal traps.

And this is the arena in which we play. We have partnered with leaders in the deception technology space and offer a network trap that complements your existing perimeter defence. Think of us as the motion sensor (to complement the front door) on your property. If your first line of defence is breached, then trip wires send out alerts when an infringement occurs. We notify enterprises of unsanctioned lateral movement on their networks.

If you believe you have no problems, then asking you to deploy network traps is hard work. Of course, there may be a compliance parameter, which makes the proposition easier. Or perhaps you’re conducting a penetration test and want to catch hackers red-handed to see if your traps are working. Then there’s a compelling case for deception technology. But after numerous meetings, I can tell you that it’s a challenge – but important work nevertheless. The tech is smart and inspired, but if you are met with ignorance, then it’s a very hard sell.

We are involved with the art of deception. It’s a way to trick hackers and to get wrongdoers to reveal themselves. An alert may be the most important thing you will ever get, and it’s there when you need it most. This is what network traps do. They sit there quietly, like smoke detectors, and if they sense something’s wrong, a silent alarm is triggered. The silence has a purpose: you don’t want to startle the hacker, but you want to know when there’s an unwelcome intruder on your network.

Magic, the art of deception, is fun and rich in storytelling and creativity. It’s the same with our traps. We have a mixed-interaction honeypot called Canary, which is used by leading companies all over the world. It gives them peace of mind because it uncovers breaches on their corporate networks.

A popular magician is well-known for saying: “Magic’s the only craft that you practise constantly so you can hide your skill … with a good magician, the skill goes unnoticed.” This is also true of the IT world. If we do our jobs well, then we go unnoticed. But when IT fails, chaos ensues. And when a company is hacked, several panicked calls go out. For example, ransomware has helped me to meet many company heads, but they are stressed and anxious when I meet them.

I enjoy my work – the tech is smart and plays a key role in helping companies avoid disaster through an early warning system.

No business wants to be hacked and read about their vulnerabilities in the next news headline. What intrigues me is when someone says: “We can’t afford to spend any more time or money on our security.” This is something I hear fairly often. But would you say this about your health? The health of your company’s network is as important as your personal health, but there are still some people who ignore this. I often hear people say: “We are okay, we’re not at any real risk.”

Sure, not every company has the same level of risk, but if you think hacking won’t affect your business, you are mistaken. And it’s just a matter of time. Every company will get hacked sooner or later.

The art of deception is creative and inspired, but is often misunderstood. When we witness an illusion, we often guess how it will work out. And when it comes to your company’s cybersecurity, there’s no need to guess. We are here to help because this is what we do.