EDITOR ’ S QUESTION
The silent theft of data is an increasingly prevalent cyber threat to businesses , driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation . As the term implies , the exfiltration of data from corporate networks is often done without even the target themselves being aware of the attack . In such cases , cybercriminals are only wanting to steal personal information , without being detected . This data is then sold for a tidy profit .
While the Protection of Personal Information Act , PoPIA in South Africa was designed to safeguard personal data from theft , misuse and malicious activities , the legislation cannot be applied to attacks that are undetected and thus unreported .
Unlike a ransomware attack , the silent theft of data does not involve financial extortion and the encryption of information . Instead , hackers steal valuable data from organisations to sell on the dark web . This illicit practice is largely behind the proliferation of spam calls and marketing that flood the lives of ordinary people , not to mention the increase in banking fraud .
To defeat attackers whose aim is to stay on a corporate network for as long as they can before being caught , organisations must look towards deception technology , which will help them respond proactively to an infiltration before any real damage is done . With data theft , it is crucial to be proactive as , once the information is stolen , nothing can be done about it .
Deception technology deploys honeypots which are fake assets and systems on an organisation ’ s network that a hacker will perceive as a real system . These decoys can imitate any IT equipment or applications and will typically have a vulnerability that will make it tempting to attack .
Deception technology deploys honeypots which are fake assets on an organisation ’ s network that a hacker will perceive as a real system .
been detected . Deception technology can also detect the origin of the attack , where access was gained to the network and the type of device that was used to carry out the hack . This allows IT teams to take the necessary steps to prevent any real harm from being done by the attackers .
A backup and recovery strategy is not enough to stop the silent theft of data . A more proactive stance should be adopted through the deployment of deception technology . p
When attacked , honeypots will send an alert to the network administration team that an intrusion has
INIEL DREYER , MD DATA MANAGEMENT
PROFESSIONALS SOUTH AFRICA
www . intelligentcio . com INTELLIGENTCIO AFRICA 29