Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementCybersecurity NewsBanking/Finance/Insurance

The Financial Sector Can Lead the Charge in Deception Security

By Doron Kolton
cyber-person
September 18, 2019

This summer, more than one million Capital One clients had their information breached, furthering the financial sector’s infamous reputation of being the most breached industry with 35 percent of all data breaches. However, the driving force is not just that breaches in the financial sector can be lucrative for those attacking, it is also due to the fact that in an effort to meet consumer demands for access to accounts and transactions anywhere, anytime, this industry has moved more quickly than others on the digital transformation journey. In the process, the financial sector has dramatically grown its cyber terrain, and burdened itself with too many unorganized and insecure systems for the millions of transactions it processes daily. 

Breach news and metrics jeopardize organizational trust. The industry needs to approach cybersecurity as a bigger piece of its customer experience and as part of its practices. The sector’s current cybersecurity solutions rely on monitoring an abundance of data. This is overburdening security teams that are already under staffed. These solutions are simply unable to effectively monitor the volume of data, nor can they effectively identify problems that indicate malicious or potentially harmful activity. Security professionals are left chasing benign alert after benign alert. 

Emerging security technologies like deception security offer a new way to both deter attacks and prevent data loss. Cyber deception relies on building a layer of decoys or hosts that project an appearance of being real machines to confuse and misdirect adversaries. It also offers a way for teams to collect threat intelligence which can be used to improve overall security. 

How Deception Security Works

Deception leads an attacker down a harmless path by planting digital fakes called breadcrumbs, and exploitable devices called decoys. The threat actor believes they’re undetected as they move through the network, unaware that the data they mine is fake. Better yet, when a false device is attacked, security teams are alerted so they can watch the intruder dig around and learn from their activity. 

Breadcrumbs—in the form of files, email, documents, fake credentials, cookies in the browser or application data—are distributed as bait among real-assets and decoys. As there is no real reason to access the decoys, anyone engaging with a decoy is a potential threat. Once they’ve attracted interest, decoys alert the system of the threat, block the attacker from accessing real assets, and send the attacker off on in a futile search, bombarding them with additional fake services and data for engagement. Meanwhile, security personnel may observe the activity in a safe manner.

This method changes the terrain’s appearance by altering the attacker’s perception of what is exploitable, thereby removing the attacker from the true terrain. This reduces the workload of security teams as they no longer need to go over false alerts. Rather, they can use deception as a starting point to hunting. 
 
Modern deception uses emulation or virtual-machines for decoys and services, and does not increase an organization’s risk profile (does not increase the attack surface). Efforts to deploy deception and administrate it are actually very low, especially when the deception solution is automated. To be clear, a deception system can be largely automated—based on network and asset discovery including decoy creation, decoy and breadcrumb distribution, to adapting to network and resource changes—while alerting security operations of activity on a pre-determined basis.

Any good deception solution is frictionless; it does not interfere with the networking or the process of the organization. Deception tech is a viable means of security and protection to both deter attacks and prevent data loss.

The Stakes in the Financial Industry 

To monitor at the network level, IT and security teams at financial organizations need different types of sensors that watch traffic being sent across network, switching and routing fabrics. For example, global companies process millions of transactions internationally so their systems must register accurate account balances no matter the currency used, time of day or location. Protecting this infrastructure is of huge importance. Only a few cybersecurity platforms can handle monitoring the volume and integrity of such traffic.

The financial industry pays the highest cost from cybercrime, about $18.3M per company according to an Accenture survey. Organizations are struggling to effectively integrate security into their infrastructure as is. With the vast number of customer-owned devices connecting to their networks, financial sector organizations will never be able to fully secure their entire terrain via endpoint, middleware and authentication systems. However, achieving visibility across the entire breadth of network traffic forces staff to create new rules and log analysis that can accurately identify an anomaly versus normal network behavior. As adversaries continually evolve their attack methods, this grows increasingly difficult. IT and security staff must keep up with the exponentially increasing network terrain in addition to anticipating how threat actors will evolve their attack methods. 

In short, financial organizations can no longer get by fighting security threats as they arise. The Capital One breach itself exposed approximately 100 million people's personal data, including nearly about 80,000 bank account numbers and 140,000 Social Security numbers. Not only can a breach like this become a massive law suit, but it hurts the organization’s relationship with its customers and key stakeholders. 

Organizations with mature cybersecurity operations have already begun adopting deception technologies. Many more small- and mediums-sized organizations initiate deployments every day to help support protection of un-managed hosts. Others need to follow suit. 

Although deception technology can be used in limited network areas, its true power is best experienced after an organization deploys the solution across its entire cyber terrain – giving organizations a clear view of their attack surface and key vulnerabilities. This eliminates blind spots in which threat actors can potentially hide and better helps financial organizations better protect their entire terrain.
 
Already a leader in digital transformation and putting customer experience first, the financial industry can also take the lead in cyber security and putting customer protection first. Deception practices can help turn the tables.

KEYWORDS: data breach financial sector transaction

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Doron kolton

Doron Kolton, Deception CTO, has held executive and management roles in cybersecurity and software development for over 25 years. He serves now as the CTO for the Deception in Fidelis Cybersecurity. Doron founded TopSpin Security in 2013 building an enhanced architecture providing accurate detection with minimal overhead; he was the CEO of TopSpin Security until the company was acquired by Fidelis Cybersecurity. Previously he served as Vice President of Products and Engineering at Breach Security acquired by Trustwave and has had several roles in Motorola Semiconductor Israel including leading the software development for the company. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Person holding cellphone

Millions of Android, iPhone Users Could Be Sending Data to China

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC1119-talk-Feat-slide1_900px

    Vaping and Students: Enterprise Security Needs to Lead the Charge

    See More
  • bank

    The pros and cons for AI in financial sector cybersecurity

    See More
  • financial- enews

    The Building of a Cyber Resilient Financial Services Sector

    See More

Related Products

See More Products
  • facility manager.jpg

    The Facility Manager's Guide to Safety and Security

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!