Cyber deception technology, where traps are set in networks to lure in hackers, is enjoying a spike in popularity across the private sector, delegates at the Infosec Europe conference in London heard this week. But businesses considering whether to use the technology should be prepared for potentially unpredictable outcomes, the event was told.
Cyber deception technology has been a weapon in the cyber arsenal of governments and their intelligence agencies for years. It refers to a wide variety of techniques that can be used to lure cybercriminals into interacting with dummy digital resources called “honey pots” and “honey tokens”. This enables tech teams to monitor the behaviour of criminals in their networks, and potentially slow the progress of a breach until defensive measures can be put in place.
Cyber deception’s popularity is growing
Decoys can include dummy servers, networks and email accounts. Experts who spoke as part of a discussion at the conference entitled Innovative Deception Technologies for Proactive Cyber Defence Tactics – Implementing Guidelines said it was an open secret that such tactics are becoming commonplace.
“I have organisations who will admit to me that they are using cyber deception,” said Debi Ashenden, professor in cybersecurity at Adelaide University. “I have said ‘can I have a use case? Can I anonymise it?’, but they won’t talk about it.” I think that’s really interesting.”
Ashenden pointed out that the level of investment put into cyber deception companies shows interest in the technology is growing. “In recent years we’ve seen an awful lot of funding going into cyber deception technology companies,” she said. “And they’re coming up with some really innovative products.”
The global deception technology market size is expected to grow to $2.54bn in 2023 at a compound annual growth rate of 15.5%, growing to $4.5bn in 2027.
Deploy cyber deception with caution, Maersk executive warns
But the lack of openness about the deployment of these new tools has led to a distinct lack of data on their effectiveness, said Lewis Woodcock, senior director of cyber operations at shipping giant Maersk.
“Potentially you’re encouraging hackers to tap into your network and move around,” Woodcock said. “If the tools are poorly deployed, there may be unpredictable consequences.
“With deception technology there’s a worry that it is the latest cool industry trend. But I think before even considering that, organisations need to stop to think ‘what are we actually trying to achieve? Is it purely another detection mechanism?’.”
Woodcock did not disclose whether Maersk uses cyber deception, but said such technology must fit with an organisation’s wider security strategy. “There’s no point in deploying the technology if you don’t know how you’re going to respond if it gets triggered,” he said.
Cyber deception can include decoy websites, data accounts and domain names, but Woodcock said such stings must be carefully planned so that they appear authentic.
“If they’re poorly deployed, criminals are going to work out that you’re running a separate technology,” he said. “[If that happens], are they going to start running counter-deception?”