Go To Home

Why Deception Matters in Cybersecurity

by Smokescreen Team

A History of Deception

Deception has a centuries-old successful history in military warfare. Military doctrine from Sun Tzu, Genghis Khan, Clausewitz, Machiavelli and Chanakya, all the way through the Second World War has stressed the importance of deceiving the enemy to know their plans and thwart their objectives. Clearly, deception matters.

Military history is rife with examples of crucial victories, won through subterfuge:

  • The Trojan Horse of Troy
    Perhaps the most well-known example. The Greeks hid a force of men in a giant wooden horse and feigned retreat. The Trojans pulled the ‘victory trophy’ inside the city gates. That night, the hidden Greek troops crept out of the horse and opened the gates for the rest of their army.
  • The Mangudai of the Mongol Army
    Genghis Khan’s army relied heavily on light cavalry that would harass the front-lines of the enemy force. They would charge, feign retreat, and draw the enemy towards favourable ground.
  • The Ninja’s of feudal Japan
    The ninjas represent the ultimate adoption of deception in conflict. Practically every tactic revolved around deceiving the enemy, to the point that ninjas would spread rumours of their supernatural powers. They were masters of disguise and used distraction devices such as smoke grenades to infiltrate heavily fortified installations and sieze victory.
  • Operation Mincemeat
    During the Second World War, the Allies planted a corpse off the coast of Spain with a briefcase containing detailed plans to invade Europe through Greece. The Germans recovered the body and believed the ‘secret’ documents;
    making preparations to reinforce Greece. It was considered one of the most successful deception operations in the war.

Information today is the coin of the realm, and as such, using deception and misinformation have never been more topical to modern conflict.

Old Strategies, New Battles

Early in computer security, many attacks were famously thwarted through ingenious deception by the defenders. The most famous examples are Clifford Stoll’s tracking a Russian hacker in the 80’s. The story is told best in his book, The Cuckoo’s Egg

However, as computing evolved and became more complex, this form of active defence was superceded by protective measures — firewalls and antivirus.

Unfortunately, today’s attacks on computer security have shown that protection is both overrated, and impossible to achieve. The largest organisations, from Target Corp. to J.P. Morgan and Sony have been victims of massive hacks, despite
having every conceivable protection mechanism.

Hackers themselves rely heavily on deception. Social-engineering, or hacking the human, is the number one mechanism used to gain a foothold in the organisation.

Why then don’t defenders deploy deception? Up until now it was too hard. Too complex to maintain. That has changed now. Active defence is the future of cyber-security, and organisations that forget the foundational principles of warfare will be on the back-foot in dealing with the most modern form of war.

#deception#history#philosophy#strategy

Continue Reading

  • The curious case of “How many decoys do I need?”

    Decoys can be deployed everywhere in your network – current-gen deception technology makes that possible. There are however no free lunches and pervasive deception might come with a cost. So the question is, should you?
    By Sudarshan Pisupati
  • Open Source Honeypots That Detect Threats For Free

    If you’re a target for either financially motivated cyber-criminals, or nation-state grade attackers, chances are your security team feels outgunned. Deception technology excels at detecting these attacks by shifting the cognitive, economic and time costs of the attack back onto the attacker.
    By Smokescreen Team
  • 7 Ways to Fail At Implementing Deception Technology

    Since there’s precious little information on how security teams can make deception implementations successful (some folks like to keep it a secret), there’s plenty that can go wrong. Here are 7 ways to completely botch your deployment of deception technology.
    By Smokescreen Team
  • Have you tried out IllusionBLACK yet?
    • Detect zero-days, APTs, and insider threats
    • 10x the detection capabilities with 1/2 the team
    • Get started in minutes, fully functional in hours
    Schedule a demo
    Go to home

    Simple solutions for detecting and containing threats. Working with us does not break the bank or your spirit. We’re the company of choice for offensive security teams with a Net Promoter Score of 70+.

    © 2020 Smokescreen. All rights reserved.

    Solutions For
    Web Application AttacksLateral MovementRansomware AttacksTargeted ThreatsSocial EngineeringMalware-less Attacks