Deception Technology: Creating Asymmetric Risk for Cyber Attackers
Financial services leaders are too often reminded that cyber risk is “asymmetric” risk – that is, the attacker only has to succeed once; cyber security people must get it right all the time. Most security leaders implicitly accept this, assuming it’s not “if, but when” a cyber attack will be successful. But it doesn’t have to be this way. By turning every system into a trap, deception technology inverts the equation, creating an alternate reality, making it extremely unlikely that advanced attackers can successfully travel from their starting point in the network to the “crown jewels” they intend to compromise. This presentation will explain the concepts underlying a deception approach to show why it is an essential element of a program to address today’s cyber risk reality.