The financial services industry has been on hackers’ radar for quite some time. In fact, banks are regularly targeted by sophisticated actors as well as script kiddies. Banks with mature cybersecurity practices do not assume their systems are secure. Instead, they are constantly on the lookout for threats that could harm their assets. They also regularly invest in methods to improve security while removing any assumption of invincibility.
The threats that already exist on banks’ networks are very difficult to detect and neutralize. They may have already taken control of applications and exfiltrated data and user information from the system. Conventional security systems based on old or outdated detection techniques will lead to a deluge of false positives (some of which might even be initiated by hackers to induce detection fatigue).
With passive defense, banks are always on the defensive, which results in the following:
- Hackers have the upper hand in attacking banks
- A lot of false positives can paralyze the functioning of a security operations team
- More often than not, bank security teams do not have the skills to deal with sophisticated threats
- There’s no way for a bank to know what kind of targets hackers plan to hit
- Even with a disciplined threat hunting program, threats can still slip through
The solution, therefore, is to adopt an active defense posture using luring and deception to trick hackers into thinking they are targeting real systems. Such systems provide a very high level of clarity in terms of understanding hacker behavior, tools, tactics, and targets. Hackers will be kept engaged and their attack cycles will be wasted on decoy infrastructure that has no value to a bank.
How Decoy and Deception Systems Work
Decoy and deception systems work by creating digital fraternal twins of real infrastructure that reproduce every possible attribute of the systems they imitate. These decoys are strategically located, so when a hacker breaks into a banking network, they will discover the decoys before discovering real systems. Once a decoy is discovered, the hacker will try to drop several backdoors and look for ways to drop more potent malware into the fake system.
Once done, the hacker will move onto the fake network and try to locate important assets and exfiltrate data and credentials. They can even use stolen credentials to access subdirectories or subsystems. All the while, the hacker will have no idea that he is chasing a fake system.
Deception systems are often designed to be triggered by active thresholds and these can be changed depending on a bank’s threat perception. Servers, work machines, laptops, networking equipment, Wi-Fi systems, CRM or other front-end systems can all be turned into decoys. Threat actors can hypothetically be kept engaged for an extended period of time and even appear to have obtained real data or entered the real network when they would be quite far from the real infrastructure.
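The tunable trigger threshold described above can be illustrated with a small detection routine over decoy connection events. This is an added example, not Sectrio's code or part of the original post; the addresses, the allowlisted internal scanner, the event format and the function name are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: decoy addresses, an allowlisted internal scanner,
# and connection events (timestamp, source, destination, port).
DECOYS = {"10.20.0.11", "10.20.0.12", "10.20.0.13"}
ALLOWLIST = {"10.20.9.5"}  # assumed: the bank's own vulnerability scanner
EVENTS = [
    ("2024-01-10T09:00:00", "10.20.9.5", "10.20.0.11", 445),
    ("2024-01-10T09:00:05", "10.20.9.5", "10.20.0.12", 445),
    ("2024-01-10T09:01:00", "10.20.4.77", "10.20.0.11", 445),
    ("2024-01-10T09:02:30", "10.20.4.77", "10.20.1.50", 443),  # real host, ignored
    ("2024-01-10T09:03:10", "10.20.4.77", "10.20.0.13", 3389),
    ("2024-01-10T11:30:00", "10.20.6.8", "10.20.0.12", 22),
]


def decoy_alerts(events, decoys, allowlist, threshold=2, window_minutes=10):
    """Alert once per source that touches >= threshold distinct decoys in the window."""
    window = timedelta(minutes=window_minutes)
    touches = defaultdict(list)  # source -> [(time, decoy)]
    alerted = set()
    alerts = []
    for ts, src, dst, _port in sorted(events):
        # Only decoy traffic matters; known scanners are skipped to limit
        # false positives, and each source is reported a single time.
        if dst not in decoys or src in allowlist or src in alerted:
            continue
        now = datetime.fromisoformat(ts)
        # Keep only touches still inside the sliding window.
        recent = [(t, d) for t, d in touches[src] if now - t <= window]
        recent.append((now, dst))
        touches[src] = recent
        distinct = sorted({d for _, d in recent})
        if len(distinct) >= threshold:
            alerted.add(src)
            alerts.append({"source": src, "time": ts, "decoys": distinct})
    return alerts


if __name__ == "__main__":
    for alert in decoy_alerts(EVENTS, DECOYS, ALLOWLIST):
        print(alert)
```

Lowering `threshold` to 1 treats any single decoy contact as an alert, which suits a higher threat perception; raising it or shortening the window trades sensitivity for fewer alerts.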
Essential characteristics of a decoy and a deception system
Before purchasing a decoy and deception system, the following characteristics of the solution being considered should be analysed:
- Ease of deployment: the solution must be easy to deploy and integrate into a bank’s IT environment
- Custom dashboards and user interface: setting up data and control dashboards should also be an easy task
- Degree of mimicry: the solution should be able to comprehensively mimic the technology environment with as many attributes covered as possible
- Scalability: the lure and deception solution must be able to meet the growing needs of the bank in which it is deployed
- Manage false positives
- Detect and initiate scans: the attempted reconnaissance activity should also be initiated by the solution
Decoy and deception solutions represent an easy way to engage and investigate threats and malicious actors without compromising data or infrastructure availability.
*** This is a syndicated blog from the Security Bloggers Network of Sector written by Prayukth K V. Read the original post at: https://sectrio.com/why-banking-industry-should-adopt-decoy-deception-tech/