Deception technology crucial to unmasking data theft

March 2024 Information Security, Security Services & Risk Management

Iniel Dreyer.

The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation. As the term implies, the exfiltration of data from corporate networks is often done without even the target themselves being aware of the attack. In such cases, cybercriminals only want to steal personal information—without being detected. This data is then sold for a tidy profit.

While the Protection of Personal Information Act (PoPIA) in South Africa was designed to safeguard personal data from theft, misuse, and malicious activities, the legislation cannot be applied to undetected and thus, unreported attacks.

Unlike a ransomware attack, the ‘silent theft’ of data does not involve financial extortion and the encryption of information. Instead, hackers steal valuable data from organisations to sell on the dark web. This illicit practice is largely behind the proliferation of spam calls and marketing that flood ordinary people's lives, not to mention the increase in banking fraud.

Lack of alignment

The gap between PoPIA's aims and companies’ approaches to data protection can be found in the lack of alignment between the business and IT divisions' goals. The business, which has certain legal requirements to meet in terms of data privacy, must be able to rely on the IT division to ensure compliance.

Unfortunately, the two divisions often talk past each other, resulting in the acquisition of technology tools and solutions that ultimately do not meet business needs. Since the money has been spent, companies tend to try to reverse-engineer the solutions to make them work, which is often when things go wrong.

Most organisations only realise they have been compromised when they are asked for a ransom, so ‘silent theft’ continues undetected. That is because most organisations do not have the right security tools in place to detect this type of attack.

To defeat attackers whose aim it is to stay on a corporate network for as long as they can before being caught, organisations must look towards deception technology, which will help them respond proactively to an infiltration before any real damage is done. With data theft, it is crucial to be proactive as, once the information is stolen, nothing can be done about it.

Fooling the hacker

Deception technology deploys honeypots, which are fake assets and systems on an organisation’s network that a hacker perceives as a real system. These decoys can imitate any IT equipment or applications and typically have a vulnerability that makes them tempting to attack.

When attacked, honeypots will alert the network administration team that an intrusion has been detected. Deception technology can also detect the origin of the attack, where access was gained to the network, and the type of device used to carry out the hack. This allows IT teams to take the necessary steps to prevent the attackers from causing any real harm.

It is key that companies have a security framework and posture in place, and must understand what products they have and whether these meet their specific requirements for cyber resiliency. Cyber resiliency enables companies to defend against cyberattacks, and part of this is proactive data management to prevent unauthorised access to sensitive data.

A backup and recovery strategy is not enough to stop the ‘silent theft’ of data. A more proactive stance should be adopted through the deployment of deception technology. However, organisations must ensure that they engage a competent service provider to implement and support cyber resiliency within their environment.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A strong cybersecurity foundation
Milestone Systems Information Security
The data collected by cameras, connected sensors, and video management software can make a VMS an attractive target for malicious actors; therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills.

Surveillance and cybersecurity
Cathexis Technologies Information Security
Whether your business runs a security system with a handful of cameras or it is an enterprise company with thousands of cameras monitoring sites across a multinational organisation, you must pay attention to cybersecurity.

Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

What are MFA fatigue attacks, and how can they be prevented?
Information Security
Multifactor authentication is a security measure that requires users to provide a second form of verification before they can log into a corporate network. It has long been considered essential for keeping fraudsters out. However, cybercriminals have been discovering clever ways to bypass it.

SA's cybersecurity risks to watch
Information Security
The persistent myth is that cybercrime only targets the biggest companies and economies, but cybercriminals are not bound by geography, and rapidly digitising economies lure them in large numbers.

Cyber insurance a key component in cyber defence strategies
Information Security
[Sponsored] Cyber insurance has become a key part of South African organisations’ risk reduction strategies, driven by the need for additional financial protection and contingency plans in the event of a cyber incident.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.

How to prevent and survive fires
Fire & Safety Security Services & Risk Management
Since its launch in August 2023, Fidelity SecureFire, a division of the Fidelity Services Group, has been making significant strides in revolutionising fire response services in South Africa.