In discussions about cyberattacks, "when, not if" has become overused. We all know attacks are going to happen to every organization that depends on the Internet — which of course, is nearly every one. The risk of an attack is always present — and, in fact, malicious actors or software are probably present at most times in most environments.
Not so clear is what companies should do in the face of the ever-present threat. The idea is gaining ground that better security controls, alone, won't solve the problem. Companies that face those facts are making significant shifts in cyber strategy. Some ramp up investment in cyber insurance. Others are sharpening crisis-handling skills so they can respond better on the back side of a successful attack. Every organization must assess its risks and design its own formula.
However, prevention is not dead. While it may not be possible to prevent infiltration, it is possible to prevent the business impact using an approach that looks at the challenge through the attacker's lens and turns his own weapons against him. State-of-the-art deception technologies now make it more practical and cost-effective to put greater emphasis on identifying attacks in progress by identifying and engaging attackers in the early lateral movement stages in order to prevent attackers from ever reaching critical systems and data.
Who should make these investments? Every security leader should be giving these products serious consideration. Deception technology is no longer an "advanced" toolset reserved for the highly skilled. Reaping the benefits does not require an exceptionally mature cybersecurity infrastructure. In fact, in some cases, the organizations that benefit the most are those with serious gaps that need to quickly bolster protection. Because deception has evolved to leverage machine intelligence and automation, they can immediately empower teams of all skill levels to:
- Improve detection of attacker presence
- Identify their location in relation to critical systems
- Accelerate forensic data collection and analysis
- Improve cyber hygiene by identifying policy violations and advanced persistent threat risk factors so they can be corrected to reduce the attack surface
Proactive defense against advanced persistent threats or may be most urgent for security teams that face the challenge of supporting exceptionally dynamic business environments. The breakneck pace of digital transformation and smart device adoption, the growing dependence most organizations have on a wide range of third-party data-sharing, and proliferation of M&A activity in many industries are just some of the business trends that increase security gaps faster than even the best cyberteams can keep up with.
To enable their businesses to progress with confidence, these CISOs have to find ways of protecting essential assets even with attackers in their midst. For them, deception is not a luxury, a nice-to-have if there's room in the budget. It's a must-have — an essential tool to slow down and disrupt attackers without slowing down and disrupting the business.
Hear Ofer speak about "How to Make Deception Part of Your Cybersecurity Defense Strategy" on November 30 at the INsecurity Conference sponsored by Dark Reading.