Deception a winner for councils tackling cyber attacks
Deception technology is proving to be an innovative and successful approach for defending local governments against cybersecurity threats.
Tuning into the news, one might easily get the impression that local councils are disproportionately impacted by cybersecurity incidents compared to many other industry sectors.
Certainly in the US, municipal governments have proven easy targets for ransomware. Research shows 44% of them experience daily attack attempts, and a further 30% are unsure how many times their systems are being probed.
A perennial issue is that local governments are comparatively under-resourced compared to other levels of government, let alone compared to the private sector. While the federal government is steadily improving its defences, funding for cybersecurity drops off steeply at state and local levels.
Small agencies with small budgets often find themselves short on both tools and talent, and vital hardware and software updates can often go untended for months or even years. This provides fertile ground for cybercriminals looking to take advantage of an easy target.
A recent audit report in NSW found 80% of councils do not have a cybersecurity policy or framework. Compare this to the private sector, where only 25% of organisations report they are not using a framework (according to a global survey of 1200 security professionals). The NSW audit also found 78% of councils in the state had no central register of cyber incidents, and 76% had not trained all staff in cybersecurity.
“Poor management of cybersecurity can expose councils to a broad range of risks, including financial loss, reputational damage and data breaches,” NSW Auditor-General Margaret Crawford found.
Local Government Professionals Australia, the peak body for local government officers, sought federal assistance at the end of last year to help councils address cybersecurity shortfalls.
Most local government senior executives “are acutely aware of the risks and vulnerabilities in the cybersecurity space but there is a resource gap in defending against them”, according to Local Government Professionals Australia CEO Clare Sullivan.
“Local government budgets are under increasing pressure here, with reduced revenue-raising capacity coupled with ageing infrastructure, increasing community expectations and cost shifting from other levels of government,” the organisation’s President, Mark Crawley, added.
Single-person (and small) security teams
Many local councils have invested heavily in end-point and network perimeter solutions — but once an attacker is through them, things can become very dark, very fast. Some also are restrained by having only a small security team with which to protect themselves, largely due to the cost of assembling and maintaining such a resource.
To prevent such small teams from becoming overwhelmed, and to supplement their skills, many are turning to new types of defensive systems such as ‘deception technology’.
Deception technology uses traps and lures — resembling genuine files, systems and credentials — that are placed within the network to fool attackers into engaging. Even the lightest engagement with these decoys triggers an alert that enables security to quickly respond to the incident and record the attackers’ behaviour.
The overwhelming feedback from those who have adopted this approach is that it solves a lot of use cases at the same time, the most common being detecting and stopping an attack once it has breached perimeter defences. Others include detecting ransomware attacks early, detecting credential theft, stopping lateral movement, and obtaining visibility of internal networks and cloud environments.
Deception technology is already widely adopted around the world and in the last year has begun to see traction with, and positive impact in, securing Australian businesses. For small security teams, cyber deception has proven to be an accurate and efficient way to find threats that have bypassed prevention defences.
Modern deception will also include trickery that will deceive an attacker into believing that they have received the information they are seeking — whereas in reality, they are given fake data or credentials that will only lead them into a decoy environment and raise the alert of about an attempted object or data theft.
This sleight of hand creates a situation where the attacker can no longer trust what they see or the tools they use. This can be a powerful deterrent when used with traps and lures that keep attackers occupied and away from genuine systems.
The increased complexity for the attacker can be quite effective in slowing the attack, and will often lead them to abandon their efforts and look for a softer target.
Deception technology is proving to be the augmentation and assistance that many single-person and small security teams need to tip the scales back in their favour. By using machine learning, the solution can be easily deployed and maintained without requiring additional staffing. Responders can also react quickly since every alert is engagement-based and comes with the attack details needed to quickly respond to the threat. This is critical for small teams so that they can prioritise their efforts on real incidents and not go chasing false positives or nuisance alerts.
Prevention vs proactivity
Traditionally, cybersecurity efforts have tended to focus on preventative techniques. However, when you consider the growing numbers of breaches that continue to occur each year, this approach alone is no longer sufficient.
Instead organisations should add proactive techniques, to detect early and control the actions of their attacker, into their security mix. They will then be in a better position to detect and derail threats much earlier so that criminals cannot establish a foothold or complete their planned attack.
Taking the time now to examine cyber deception options, and make them a part of a security architecture, will reduce risk and better prepare an organisation for threats as they arise.
Australia's government sector was the second most targeted industry sector by cyber attackers...
Service NSW has confirmed that the email accounts of 47 staff members were illegally accessed...
Researchers have uncovered a sophisticated attack campaign linked to the Chinese military...