The Financial Sector Can Lead the Charge in Deception Security

September 18, 2019

This summer, more than one million Capital One clients had their information breached, furthering the financial sector’s infamous reputation of being the most breached industry with 35 percent of all data breaches. However, the driving force is not just that breaches in the financial sector can be lucrative for those attacking, it is also due to the fact that in an effort to meet consumer demands for access to accounts and transactions anywhere, anytime, this industry has moved more quickly than others on the digital transformation journey. In the process, the financial sector has dramatically grown its cyber terrain, and burdened itself with too many unorganized and insecure systems for the millions of transactions it processes daily.

Breach news and metrics jeopardize organizational trust. The industry needs to approach cybersecurity as a bigger piece of its customer experience and as part of its practices. The sector’s current cybersecurity solutions rely on monitoring an abundance of data. This is overburdening security teams that are already under staffed. These solutions are simply unable to effectively monitor the volume of data, nor can they effectively identify problems that indicate malicious or potentially harmful activity. Security professionals are left chasing benign alert after benign alert.

Emerging security technologies like deception security offer a new way to both deter attacks and prevent data loss. Cyber deception relies on building a layer of decoys or hosts that project an appearance of being real machines to confuse and misdirect adversaries. It also offers a way for teams to collect threat intelligence which can be used to improve overall security.

How Deception Security Works

Deception leads an attacker down a harmless path by planting digital fakes called breadcrumbs, and exploitable devices called decoys. The threat actor believes they’re undetected as they move through the network, unaware that the data they mine is fake. Better yet, when a false device is attacked, security teams are alerted so they can watch the intruder dig around and learn from their activity.

Breadcrumbs—in the form of files, email, documents, fake credentials, cookies in the browser or application data—are distributed as bait among real-assets and decoys. As there is no real reason to access the decoys, anyone engaging with a decoy is a potential threat. Once they’ve attracted interest, decoys alert the system of the threat, block the attacker from accessing real assets, and send the attacker off on in a futile search, bombarding them with additional fake services and data for engagement. Meanwhile, security personnel may observe the activity in a safe manner.

This method changes the terrain’s appearance by altering the attacker’s perception of what is exploitable, thereby removing the attacker from the true terrain. This reduces the workload of security teams as they no longer need to go over false alerts. Rather, they can use deception as a starting point to hunting.

Modern deception uses emulation or virtual-machines for decoys and services, and does not increase an organization’s risk profile (does not increase the attack surface). Efforts to deploy deception and administrate it are actually very low, especially when the deception solution is automated. To be clear, a deception system can be largely automated—based on network and asset discovery including decoy creation, decoy and breadcrumb distribution, to adapting to network and resource changes—while alerting security operations of activity on a pre-determined basis.

Any good deception solution is frictionless; it does not interfere with the networking or the process of the organization. Deception tech is a viable means of security and protection to both deter attacks and prevent data loss.

The Stakes in the Financial Industry

To monitor at the network level, IT and security teams at financial organizations need different types of sensors that watch traffic being sent across network, switching and routing fabrics. For example, global companies process millions of transactions internationally so their systems must register accurate account balances no matter the currency used, time of day or location. Protecting this infrastructure is of huge importance. Only a few cybersecurity platforms can handle monitoring the volume and integrity of such traffic.

The financial industry pays the highest cost from cybercrime, about $18.3M per company according to an Accenture survey. Organizations are struggling to effectively integrate security into their infrastructure as is. With the vast number of customer-owned devices connecting to their networks, financial sector organizations will never be able to fully secure their entire terrain via endpoint, middleware and authentication systems. However, achieving visibility across the entire breadth of network traffic forces staff to create new rules and log analysis that can accurately identify an anomaly versus normal network behavior. As adversaries continually evolve their attack methods, this grows increasingly difficult. IT and security staff must keep up with the exponentially increasing network terrain in addition to anticipating how threat actors will evolve their attack methods.

In short, financial organizations can no longer get by fighting security threats as they arise. The Capital One breach itself exposed approximately 100 million people's personal data, including nearly about 80,000 bank account numbers and 140,000 Social Security numbers. Not only can a breach like this become a massive law suit, but it hurts the organization’s relationship with its customers and key stakeholders.

Organizations with mature cybersecurity operations have already begun adopting deception technologies. Many more small- and mediums-sized organizations initiate deployments every day to help support protection of un-managed hosts. Others need to follow suit.

Although deception technology can be used in limited network areas, its true power is best experienced after an organization deploys the solution across its entire cyber terrain – giving organizations a clear view of their attack surface and key vulnerabilities. This eliminates blind spots in which threat actors can potentially hide and better helps financial organizations better protect their entire terrain.

Already a leader in digital transformation and putting customer experience first, the financial industry can also take the lead in cyber security and putting customer protection first. Deception practices can help turn the tables.

Doron Kolton, Deception CTO, has held executive and management roles in cybersecurity and software development for over 25 years. He serves now as the CTO for the Deception in Fidelis Cybersecurity. Doron founded TopSpin Security in 2013 building an enhanced architecture providing accurate detection with minimal overhead; he was the CEO of TopSpin Security until the company was acquired by Fidelis Cybersecurity. Previously he served as Vice President of Products and Engineering at Breach Security acquired by Trustwave and has had several roles in Motorola Semiconductor Israel including leading the software development for the company.

You must login or register in order to post a comment.

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.