The art of deception in cybersecurity

I’ve been working in the cybersecurity space for the past 18 months. I’m no expert on the matter, but I do know about corporate relationships and selling to big companies. I spend my time working on a smart development in the deception technology space. These are a few lessons I’ve learnt:  

         The levels of skills are not what they should be. Many companies have substandard security policies and poorly configured defence technology.
         Network security is usually a grudge purchase.
         There’s a lack of maturity about risk with a matching under-investment in cybersecurity.
         Many people are not concerned about cybersecurity, saying, “We are okay, we haven’t had any problems.”

Most global corporate efforts on cybersecurity have centred around securing the perimeter. But considering that most attacks come from inside organisations, corporate mindsets are now slowly evolving to include internal traps.

And this is the arena in which we play. We have partnered with leaders in the deception technology space and offer a network trap that complements your existing perimeter defence. Think of us as the motion sensor (to complement the front door) on your property. If your first line of defence is breached, then trip wires send out alerts when an infringement occurs. We notify enterprises of unsanctioned lateral movement on their networks.

If you believe you have no problems then asking you to deploy network traps is hard work. Of course, there may be a compliance parameter, which makes the proposition easier. Or perhaps you’re conducting a penetration test and want to catch hackers red-handed to see if your traps are working. Then there’s a compelling case for deception technology. But after numerous meetings, I can tell you that it’s a challenge – but important work nevertheless. The tech is smart and inspired, but if you are met with ignorance then it’s a very hard sell.

We are involved with the art of deception. It’s a way to trick hackers and to get wrongdoers to reveal themselves. An alert may be the most important thing you will ever get, and it’s there when you need it most. This is what network traps do. They sit there quietly, like smoke detectors, and if they sense something’s wrong, a silent alarm is triggered. The silence has a purpose: you don’t want to startle the hacker, but you want to know when there’s an unwelcome intruder on your network.

Magic, the art of deception, is fun and rich in storytelling and creativity. It’s the same with our traps. We have a mixed interaction honeypot called Canary, which is used by leading companies all over the world. It gives them peace of mind because it uncovers breaches on their corporate networks.

A popular magician is well-known for saying: “Magic’s the only craft that you practise constantly so you can hide your skill … with a good magician, the skill goes unnoticed.” This is also true of the IT world. If we do our jobs well, then we go unnoticed. But when IT fails, chaos ensues. And when a company is hacked, several panicked calls go out. For example, ransomware has helped me to meet many company heads, but they are stressed and anxious when I meet them.

I enjoy my work – the tech is smart and plays a key role in helping companies avoid disaster through an early warning system.

No business wants to be hacked and read about their vulnerabilities in the next news headline. What intrigues me is when someone says: “We can’t afford to spend any more time or money on our security.” This is something I hear fairly often. But would you say this about your health? The health of your company’s network is as important as your personal health, but there are still some people who ignore this. I often hear people say: “We are okay, we’re not at any real risk.”

Sure, not every company has the same level of risk, but if you think hacking won’t affect your business, you are mistaken. And it’s just a matter of time. Every company will get hacked sooner or later.

The art of deception is creative and inspired, but is often misunderstood. When we witness an illusion, we often guess how it will work out. And when it comes to your company’s cybersecurity, then there’s no need to guess. We are here to help because this is what we do.

Old friends

Russ and Sam, two friends, met in the park every day to feed the pigeons, watch the squirrels and discuss world problems.

One day Russ didn’t show up. Sam didn’t think much about it and figured maybe he had a cold or something… But after Russ hadn’t shown up for a week or so, Sam really got worried. However, since the only time they ever got together was at the park, Sam didn’t know where Russ lived, so he was unable to find out what had happened to him.

A month had passed, and Sam figured he had seen the last of Russ, but one day, Sam approached the park and, lo and behold, there sat Russ!

Sam was very excited and happy to see him and told him so. Then he said, ‘For crying out loud Russ, what in the world happened to you?’

Russ replied, ‘I have been in jail.’

‘Jail!’ cried Sam. ‘What in the world for?’

‘Well,’ Russ said, ‘you know Sue, that cute little blonde waitress at the coffee shop where I sometimes go?’

‘Yeah,’ said Sam, ‘I remember her. What about her?’

‘Well, the little gold-digging witch figured I was rich and she filed rape charges against me; and, at 89 years old, I was so proud that when I got into court, I pleaded ‘guilty’.

‘The judge gave me 30 days for perjury.’