Honeypots in demand by FSIs, but cybersec vendors not delivering


The security ‘honeypot’ is an indispensable tool to help businesses and their cybersec teams protect high-value, ‘crown jewel’ digital assets. However, security vendors are failing to offer “a decent honeypot solution” to financial services businesses, leaving them to build their own or go without, according to Hollard Insurance’s chief information and security officer (CISO), Grae Meyers-Gleaves.

“No vendor seems to sell us a decent honeypot solution,” Hollard’s security chief said, referring to the digital decoy used to lure hackers away from legitimate corporate data assets, such as the personally identifiable information (PII) of customers, intellectual property, or core systems.

“In fact,” Meyers-Gleaves added, “nobody’s even got one [to offer]!”

Honeypots can be built to resemble any type of digital asset, including applications, servers or an entire corporate network.

They serve to fool a ‘successful’ attacker into believing they have accessed a business’s actual enterprise network, and can encourage them to spend time – or perhaps waste time – within this controlled environment.

By luring adversaries in, honeypots also serve as useful intelligence-gathering tools, helping defenders identify the methods and motivations of their attackers and buffer against future attacks.

“Build a honeypot on your network. Let the bad guys come in, find that data, monitor for that particular dataset on the dark web and then you’ll know you’ve been exposed at some time – as long as they [the hackers] think they actually had a good dataset.”
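One way to make a planted dataset recognisable if it later surfaces in a leak, shown here as an added example that is not from Hollard or the article: each decoy row carries a keyed HMAC tag in its email address, so a dump can be scanned and traced back to the honeypot it came from. The key, decoy ids, domain and row layout are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumptions for this example: key, decoy ids and row layout are constructed.
SECRET_KEY = b"constructed-demo-key-keep-off-the-honeypot"
DECOY_DOMAIN = "example.com"  # reserved domain, stands in for one you control
DEPLOYMENTS = {"hp-crm-01": 5, "hp-claims-02": 5}  # decoy id -> rows planted

def canary_tag(decoy_id: str, index: int) -> str:
    """Keyed tag: cannot be forged without SECRET_KEY, unique per decoy and row."""
    msg = f"{decoy_id}:{index}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]

def make_decoy_rows(decoy_id: str, count: int) -> list[dict]:
    """Fake customer rows to plant in one honeypot; the tag hides in the email."""
    return [{"customer_id": 100000 + i,
             "email": f"c{canary_tag(decoy_id, i)}@{DECOY_DOMAIN}"}
            for i in range(count)]

def build_index(deployments: dict[str, int]) -> dict[str, tuple[str, int]]:
    """Map every planted tag back to (decoy_id, row) for all known deployments."""
    return {canary_tag(d, i): (d, i)
            for d, n in deployments.items() for i in range(n)}

EMAIL_RE = re.compile(r"\bc([0-9a-f]{16})@" + re.escape(DECOY_DOMAIN), re.I)
INDEX = build_index(DEPLOYMENTS)

def scan_dump(text: str, index: dict[str, tuple[str, int]]) -> dict[str, set[int]]:
    """Return {decoy_id: rows seen} for canary emails found in a leaked dump."""
    hits: dict[str, set[int]] = {}
    for m in EMAIL_RE.finditer(text):
        found = index.get(m.group(1).lower())
        if found:  # look-alike addresses without a valid tag are ignored
            hits.setdefault(found[0], set()).add(found[1])
    return hits

def demo() -> dict[str, set[int]]:
    planted = make_decoy_rows("hp-claims-02", 5)
    # Constructed sample dump: two planted rows (one upper-cased by the
    # reseller), one unrelated address, one forged look-alike.
    dump = "\n".join([
        f"{planted[1]['customer_id']},{planted[1]['email'].upper()}",
        "555,someone@example.org",
        f"{planted[4]['customer_id']};{planted[4]['email']}",
        f"777,c{'0' * 16}@{DECOY_DOMAIN}",
    ])
    return scan_dump(dump, INDEX)

if __name__ == "__main__":
    print(demo())
```

Because the tag is keyed, a match identifies which decoy was copied without keeping a list of planted rows anywhere an intruder could read it.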

Speaking at FST’s Future of Security, Sydney 2023 event, Meyers-Gleaves, who began his cyber career in the Australian Army, called on cybersecurity teams to “get creative” in the security function, including incorporating design thinking principles into the cyber practice.

“Who’s seen a honeypot on a checklist? It’s not there, is it? Start getting creative and look at the root cause issues.”

Accepting the inevitability of breaches, he also urged security teams to “tokenise as much PII [personally identifiable information] as you can”.

“If you tokenise and the bad guys steal it, they can’t use it – unless quantum computing really gets going.

“But, for now, who cares that the bad guys stole it? [Being tokenised], they can’t use it!”