The Power of Deception: Shifting to Proactive Cybersecurity

By Cesar Cid de Rivera, International VP of Systems Engineering at Commvault

Cyberattacks continue to grow in sophistication and volume, with the UK seeing a 77% increase in 2022 alone. Ransomware incidents also carry a huge financial impact, with banks processing $1.2 billion in suspected payments last year, an annual increase of nearly 200%.

These trends are indicative of a wider set of problems faced by organisations that need to keep networks and data safe from a multitude of threats. A major part of the challenge, however, is that many IT teams simply don’t have the technologies and processes in place to proactively address issues such as ransomware. In fact, recent industry research revealed that only 12% of organisations believed their detection tools were adequate and capable of protecting their growing data estate.

So, what needs to change in order to deliver better security? For many organisations, the emphasis is shifting towards combining data protection and cybersecurity in a way that improves perimeter defences to stop intrusions from happening in the first place. In practical terms, this depends on the implementation of a multi-layered approach to security whereby organisations aren’t forced into recovery mode with all the disruption and expense that brings.

Early warning and rapid response

One of the most useful approaches to delivering better perimeter protection is the addition of deception technologies, especially for dealing with the risks posed by zero-day threats, which represent a major blind spot for many contemporary security systems. Historically known as ‘honeypots’, these technologies are a longstanding and widely used technique for luring attackers away from their intended target to a benign online location where their activities can be controlled and studied.

While this approach can be effective, it is seriously limited by a narrow field of view that can only detect directly targeted attacks. If network access is gained by some other means, honeypots play no role in the detection or mitigation of a security breach.

Recently, however, the tactics that sit at the heart of the honeypot approach have been reinvented to meet current requirements. Known as cyber deception, this technique relies on the creation of virtual decoys that look and behave like real digital assets and are designed to actively engage bad actors. As soon as a fake asset is touched, security teams are alerted so they can rapidly isolate the risk before real systems and data are impacted. Implemented as part of a layered approach throughout a network, cyber deception doesn’t suffer from the limitations of honeypots but instead acts as an early warning system so security teams can react proactively in real time before any real assets are attacked.

Delivered using SaaS-based sensor technologies, cyber deception mimics any user asset and is deployed throughout the host environment as fake digital assets that, to attackers, appear completely authentic. The decoys can also be scaled according to need, with new ones deployed in a matter of seconds. This is crucial given the fast-moving pace of threat actor tactics – the more fake assets that are present within an environment, the more likely real assets will be overlooked by attackers.

Because the decoys operate without impeding normal network functionality, security teams can track the way threat actors interact with them with enormous precision, enabling them to focus on the methods attackers use to try to gain access. This information can prove invaluable when updating security strategies on a general level and against specific vulnerabilities.
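The alerting principle described above, in which any touch of a decoy is an alert and the attacker's interactions are recorded in order, can be sketched as follows. This is an added example, not code from the article or from any vendor product; the log format, addresses and decoy names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed decoy inventory: addresses no legitimate user or job should contact.
DECOYS = {
    "10.20.0.51": "fake file server",
    "10.20.0.77": "fake database",
    "10.20.1.12": "fake backup console",
}

# Constructed connection log, one event per line: "timestamp src dst port action"
SAMPLE_LOG = """\
2024-03-04T09:14:02Z 10.20.3.8 10.20.0.10 443 connect
2024-03-04T09:14:40Z 10.20.3.44 10.20.0.51 445 connect
2024-03-04T09:14:41Z 10.20.3.44 10.20.0.51 445 list_shares
2024-03-04T09:15:03Z 10.20.3.44 10.20.0.77 5432 login_attempt
2024-03-04T09:16:20Z 10.20.3.9 10.20.0.11 22 connect
"""

@dataclass
class Alert:
    source: str           # host that touched a decoy
    first_seen: str       # timestamp of the first touch
    decoys_touched: list  # distinct decoy addresses, in order of first contact
    actions: list         # ordered (timestamp, decoy name, port, action) tuples

def detect_decoy_touches(log_text, decoys=DECOYS):
    """Return one Alert per source that touched any decoy, ordered by first touch.

    There is no threshold or baseline: decoys have no legitimate traffic,
    so a single event addressed to one is enough to raise an alert.
    """
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port, action = parts
        if dst not in decoys:
            continue  # traffic to real assets is out of scope for this check
        alert = alerts.setdefault(src, Alert(src, ts, [], []))
        if dst not in alert.decoys_touched:
            alert.decoys_touched.append(dst)
        alert.actions.append((ts, decoys[dst], int(port), action))
    return list(alerts.values())

def isolation_list(alerts):
    """Sources to isolate, in the order they first touched a decoy."""
    return [a.source for a in alerts]

if __name__ == "__main__":
    for a in detect_decoy_touches(SAMPLE_LOG):
        print(f"ALERT {a.source} first touched a decoy at {a.first_seen}")
        for step in a.actions:
            print("   ", *step)
```

The ordered `actions` list is the interaction record a team would review afterwards; the two sources that only contacted real assets produce no alert.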

This approach allows organisations to deliver multi-layered protection against increasingly common security risks, such as ransomware attacks. In doing so, it equips users with the capability to swiftly recognise and redirect malicious threats before networks are accessed or data is stolen.

In today’s landscape, where ransomware has rapidly developed into a major catalyst of cybercrime globally, it’s clear that current technologies alone can neither avert every attack nor guarantee victims can rapidly recover. That’s why an end-to-end approach is critical – one that combines advanced prevention and detection with effective, real-time response and mitigation capabilities. With comprehensive protection spanning endpoints, networks, cloud environments, and users, organisations can use the power of deception to effectively fight back against ransomware and minimise business disruption.