Intelligent CISO Issue 13 | Page 67

decrypting myths

Using deception techniques to outmanoeuvre attackers

Throughout history, deception has been a key strategy in military operations and is now being applied in a cybersecurity context to not only outmanoeuvre attackers but also gain valuable information on their methods and targets. Carolyn Crandall, Chief Deception Officer at Attivo Networks, talks to us about how deception technology can help enterprises even the playing field of cyberwarfare with a proactive approach to security.

Cybersecurity is an extremely fast-moving field, with new discoveries on both the offensive and defensive sides constantly changing the rules of the game. One constant, however, is the use of deception.

The use of deception as a technique to overcome one’s adversary is not new and has been an important tactic in winning physical conflicts since ancient times. The use of false information, feints and decoys has often provided an army with a powerful opportunity to outmanoeuvre and overpower the opposing force. Examples in modern conflicts include the use of fake tank battalions and facades of entire villages during World War II.

Most attacks begin with the use of deceptive techniques to acquire key information or gain a foothold in the target’s network. Social engineering methods such as phishing emails are the weapon of choice for tricking victims into sharing their login credentials or downloading malware. Aside from fooling human users, the attacker will also need to deceive the network itself, and its protectors, into accepting them as a legitimate user once they have found a way in.

While deception in physical conflict has often been an equal opportunity affair, in cyberwarfare the strategy has traditionally only been used by the attacking side. Cybercriminals have a serious advantage over their targets as they are able to hide in plain sight and take their time researching and planning their attack. In this way, organisations are tricked into believing what is fake is real, not only in phishing expeditions but also when attackers masquerade as legitimate employees.

Meanwhile, organisations are reliant on reactive security controls that postpone any response until after the attack is already in motion. Often too late to

A one-sided conflict