Shadowy attackers targeting organizations from halfway around the world grab most of the cybersecurity headlines. However, research shows that 60 percent of data breaches and other cyberattacks on organizations are actually carried out by rogue or negligent insiders. According to a recent study by the Ponemon Institute, it takes an average of 72 days to contain an insider threat, and typical organizations with over 1,000 employees spend an average of US$8.76 million cleaning up after insider incidents every year.
UPDATE - Since this post was first published, MITRE has issued a technical white paper fully endorsing the implementation of Deception Technology. Download the report, entitled "The Cyberspace Advantage: Inviting Them In."
For a cyber attacker, every organization is a potential target. Attack frequency and degrees of severity vary with the attacker's skill level, the assets they want, choice of tactics, and the sophistication of their targets' defenses. With attacks constantly in the headlines, it's no wonder security teams might feel overwhelmed. But in reality, not all threats are equal. Not all threats are relevant to all organizations. And not all threats are known.
Illusive’s great partner, CriticalStart, has just produced a troubling report showing SOC analysts are increasingly facing burnout due to an overload of alerts. The number of alerts per analyst is growing. The time required to investigate alerts is growing. The frustration of chasing false alerts is demoralizing and demotivating.
Employee burnout is a serious issue on both a human and business front. A recent Gallup study found that about two-thirds of full-time workers experience job-related burnout. The organizational cost is high, as burned-out workers are less productive, less healthy, and less satisfied with their jobs.
Last week, Gartner held the latest iteration of its Security and Risk Management Summit in Mumbai, and Senior Director Analyst Gorka Sadowski echoed what Illusive has been saying for a while: the time has come for enterprises of all kinds to take advantage of next-generation deception technology. Sadowski divided his presentation into three sections, whose titles asked the following questions:
- Is it the right time for deception solutions?
- Are deception solutions right for any enterprise?
- What’s the future outlook for deception platforms?
Is it time for the proverbial “Honeypots are Dead” Post?
Returning from Black Hat earlier this month, I couldn’t help but reflect on how honeypots were still the first thing that came to mind when many attendees heard the word “deception.” It’s true that when deception technology first emerged years ago, honeypots were the most analogous technology to describe the way deception worked, in that a honeypot tries to trick an attacker into interacting with it. However, deception has come a long way since honeypots materialized in the 1990s and were first commercialized in the 2000s. Call the new generation of deception technology what you will, just don't call it a honeypot.