Will They Get the Wrong Pot?
On January 25, 1905, the same date as today, the world's largest diamond was discovered in Africa. The discovery was one of a kind: the mineral was the biggest ever, and it was so valuable that it had to be transported with total security.
It is said that the transporters created a diversion by sending a fake diamond on a heavily guarded ship while sending the actual diamond as a plain package from South Africa to London. This tactic may seem obvious and outdated in today's world, but it has worked wonders in confusing and frustrating enemies. At home, one may, for example, install a fancy wall safe with complex patterns and stash a few seemingly interesting papers in it while keeping valuable documents in an unattractive box right in the living room.
Borrowing from this, diversionary tactics in cybersecurity help protect one's valuable resources while keeping enemies behind the line. The concept is famously implemented in honeypots, where a decoy system is set up to mimic actual systems in order to detect, learn from, and divert attacks, especially in real time. Honeypots have proved valuable to companies in improving defense and resilience against probable attacks.
While an enemy's attempt on a honeypot will be in vain, it gives the owners of a system a heads-up to improve their security. Blue teamers find honeypots a vital source of information for better defending systems; red teamers will likewise use them to simulate attacks that test their systems, with a view to implementing updated security standards.
For organizations, setting up honeypots will depend on the nature of their systems and the value to be gained. An insurance company would, for example, set up a honeypot containing a fake database of client information while optionally implementing relatively weak standards to attract attackers. From this, the company's cybersecurity team may learn the tactics, techniques, and procedures (TTPs) used by attackers and, consequently, understand the criminals' nature and preferred ways of operating.
Apart from such a database honeypot, which is usable in an enterprise environment, companies may implement spam honeypots, malware honeypots, honeynets (networks of honeypots), and client honeypots. The deployment of these honeypots will depend entirely on the company's business, versatility, and objectives. As companies develop more valuable systems, and as more devices become interconnected within an enterprise environment, management needs to commission honeypots to ensure they stay ahead of the bad guys. By extension, enterprises need to recognize the viability of cybersecurity professionals who can aptly defend against the attacks that have proliferated in recent years.
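As an added illustration of the database honeypot described above (not code from the original article), the sketch below summarises activity recorded by a decoy database. Because a decoy has no legitimate users, every source that touches it is worth reviewing. The log format, the field names, and the table name `clients` are assumptions, and the sample lines are constructed.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample log from a hypothetical decoy database (format is assumed).
SAMPLE_LOG = """\
2024-01-25T10:02:11Z src=203.0.113.7 user=admin event=login_failed
2024-01-25T10:02:15Z src=203.0.113.7 user=root event=login_failed
2024-01-25T10:02:19Z src=203.0.113.7 user=backup event=login_ok
2024-01-25T10:02:30Z src=203.0.113.7 user=backup event=query stmt="SELECT name, policy_no FROM clients"
2024-01-25T10:05:02Z src=198.51.100.23 user=report event=login_failed
not a log line
"""

DECOY_TABLES = {"clients"}  # assumed name of the fake client table
SEVERITY = ["probe", "access", "decoy-data-read"]

def parse_line(line):
    """Return (timestamp, fields), or None if the line does not fit the format."""
    try:
        parts = shlex.split(line)  # keeps the quoted stmt="..." value in one token
    except ValueError:  # unbalanced quotes
        return None
    if len(parts) < 2 or not re.fullmatch(r"\d{4}-\d\d-\d\dT[\d:]+Z", parts[0]):
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return (parts[0], fields) if {"src", "event"} <= fields.keys() else None

def summarise(log_text):
    """Group decoy activity by source address and rate how far each source got."""
    report = defaultdict(
        lambda: {"users": set(), "events": 0, "level": 0, "first": None, "last": None})
    for ts, f in filter(None, map(parse_line, log_text.splitlines())):
        entry = report[f["src"]]
        entry["events"] += 1
        entry["users"].add(f.get("user", "?"))  # usernames tried are useful TTP data
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
        level = 1 if f["event"] in ("login_ok", "query") else 0
        tables = re.findall(r"\bfrom\s+(\w+)", f.get("stmt", ""), re.I)
        if DECOY_TABLES & {t.lower() for t in tables}:
            level = 2  # the fake client records were actually read
        entry["level"] = max(entry["level"], level)
    return {src: {**e, "level": SEVERITY[e["level"]]} for src, e in report.items()}

if __name__ == "__main__":
    for src, e in summarise(SAMPLE_LOG).items():
        print(src, e["level"], sorted(e["users"]), e["first"], e["last"])
```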
Do make sure they get the wrong pot!
Well stated Arianda Basil