Companies investing in advanced forensic capabilities to identify attackers in greater detail

One in five companies are already using forensic investigations and other sophisticated methods to identify their attackers, such as setting up honeypots and repositories of fake data that lead attackers to believe they have hit real data while serving as a diversion, according to Neustar.


Companies’ growing investment in advanced forensic capabilities that can help identify attackers in greater detail is increasingly eclipsing what most law-enforcement agencies are willing to devote. 72 percent of respondents said their organization either already uses or would use honeypots or deception technology.

Furthermore, 71 percent of respondents would let hackers take the fake or booby-trapped document to gather counterintelligence – rather than shutting down an attack as soon as a bad actor engages with a deceptive file – in an effort to identify the thieves later or reveal information about the location, ownership and possible vulnerabilities of the hackers’ machines.

Based on bi-monthly survey responses from security professionals across EMEA and the United States, the Cyber Benchmark Index provides a measure of the state of cybersecurity across these regions that can be monitored over time.

The latest survey reveals an increased perception of threats, with the index reaching a new high of 21.5 — up from 14.4 in March 2018 and 6.5 in May 2017, when Neustar began mapping threat levels. The previous index, released in January, was at 19.4.

Asked to rank six cyber threats in order from greatest to least concern during January and February 2019, March survey respondents ranked DDoS attacks as the top concern, as in the previous survey, followed closely by system compromise and loss of intellectual property.

Just over half (51 percent) of respondents said their enterprise had been on the receiving end of a DDoS attack at some point, down from 52 percent in the last survey period (with a different sample composition) but still well above the 43 percent average for the full 11 rounds of the survey.

When asked whether the threat of various types of attacks had increased, stayed the same or decreased during the previous two months, respondents most frequently identified generalized phishing as a growing threat (52 percent), followed by targeted hacking and DDoS attacks (both 49 percent). The share of respondents indicating that a given threat had decreased did not exceed single digits for any of the 14 threats on the list.

In considering the origin of attacks, 62 percent saw increasing threats from the world at large, 55 percent saw increasing threats from their own country and 51 percent saw increasing threats from their industry. These figures are all higher than the overall survey averages (60, 50 and 45 percent, respectively).

“Security leaders increasingly feel that breaches are inevitable, and there is a growing appetite for advanced forensic tools that can deliver insights around attacker attribution and tactics in real-time,” said Rodney Joffe, Chairman of Neustar Senior Vice President and Fellow.

“Whether they opt to use them like an alarm system, ejecting bad actors from the network upon contact with a honey pot or deceptive file, or for a more sophisticated counterintelligence operation that gathers vital information on attacker movements and methods, cybersecurity professionals want solutions that can provide better real-time awareness and understanding of the enemy.”
