May 16, 2019

Seven in Ten Cybersecurity Professionals Are Using or Considering Honey Pots, Deception Technology to Deliver Advanced Forensic and Attribution Capabilities

Neustar International Security Council (NISC) survey highlights enterprises’ shifting cybersecurity priorities and concerns

STERLING, Va. – May 16, 2019 – One in five companies are already using forensic investigations and other sophisticated methods to identify their attackers, like setting up honey pots and repositories of fake data to give attackers the idea they’ve hit real data while acting as a diversion tactic, according to the latest International Cyber Benchmark Index from the Neustar International Security Council (NISC).

Companies’ growing investment in advanced forensic capabilities that can help identify attackers in greater detail is increasingly eclipsing what most law-enforcement agencies are willing to devote. Seventy-two percent of respondents said their organization either already uses or would use honey pots or deception technology. Furthermore, 71 percent of respondents would let hackers take the fake or booby-trapped document to gather counterintelligence – rather than shutting down an attack as soon as a bad actor engages with a deceptive file – in an effort to identify the thieves later or reveal information about the location, ownership and possible vulnerabilities of the hackers’ machines.

Based on bi-monthly survey responses from security professionals across EMEA and the United States, the unique Cyber Benchmark Index provides a robust measure of the state of cybersecurity across these regions that can be monitored over time. The latest survey reveals an increased perception of threats, with the index reaching a new high of 21.5 — up from 14.4 in March 2018 and 6.5 in May 2017, when NISC began mapping threat levels. The previous index, released in January, was at 19.4.

Chart: Cyber Benchmarks Index

Asked to rank six cyber threats in order from greatest to least concern during January and February 2019, March survey respondents ranked DDoS attacks as the top concern, as in the previous survey, followed closely by system compromise and loss of intellectual property.

Just over half (51 percent) of respondents surveyed said their enterprise had been on the receiving end of a DDoS attack at some point in time, down from 52 percent last survey period (with a different sample composition) but still well above the 43 percent average for the full 11 rounds of the survey.

When asked whether the threat of various types of attacks had increased, stayed the same or decreased during the previous two months, respondents most frequently identified generalized phishing as a growing threat (52 percent), followed by targeted hacking and DDoS attacks (both 49 percent). The share of respondents indicating that a given threat had decreased did not exceed single digits for any of the 14 threats on the list.

In considering the origin of attacks, 62 percent saw increasing threats from the world at large, 55 percent saw increasing threats from their own country and 51 percent saw increasing threats from their industry. These figures are all higher than the overall survey averages (60, 50 and 45 percent, respectively).

“Security leaders increasingly feel that breaches are inevitable, and there is a growing appetite for advanced forensic tools that can deliver insights around attacker attribution and tactics in real-time,” said Rodney Joffe, Chairman of NISC and Neustar Senior Vice President and Fellow. “Whether they opt to use them like an alarm system, ejecting bad actors from the network upon contact with a honey pot or deceptive file, or for a more sophisticated counterintelligence operation that gathers vital information on attacker movements and methods, cybersecurity professionals want solutions that can provide better real-time awareness and understanding of the enemy.”

NISC Cyber Benchmark Index methodology
The International Cyber Benchmarks Index is based on a bimonthly online survey, conducted by Harris Interactive on behalf of NISC, of security professionals across EMEA and the United States. The March 2019 survey participants comprise 302 professionals from France, Germany, Italy, Spain, the United Kingdom and the United States. All survey respondents hold senior positions within their organizations (director of IT, network services manager, security consultant, CTO, etc.) and are able to provide informed opinions about cybersecurity issues and how these issues impact their enterprises and the wider business community.

The International Cyber Benchmarks Index figure is calculated using five of the survey questions that are repeated in every survey and tracked over time. An initial figure is taken from the percentage of enterprises that say notable recent cyber events have directly affected the way they protect their business. This figure is multiplied by the average “net increase” percentages from across three separate questions, reflecting (1) the change in the level of threat of attack by various vectors, (2) the change in the risk of attack from various actors and (3) the change in the threat landscape. This figure is then multiplied by the percentage of enterprises that have ever been on the receiving end of a DDoS attack.

About the Neustar International Security Council
The Neustar International Security Council is an elite group of select cybersecurity leaders across key industries and companies. Through face-to-face events including an annual summit, quarterly thought-leadership seminars and regional roundtables, members learn and share the latest trends from leading experts and peers. For more information, visit https://www.nisc.neustar/.

About Neustar, Inc.
Neustar, Inc., is a leading global information services provider driving the connected world forward with responsible identity resolution. As a company built on a foundation of Privacy by Design, Neustar is depended upon by the world’s largest corporations to help grow, guard and guide their businesses with the most complete understanding of how to connect people, places and things. Neustar’s unique, accurate and real-time identity system, continuously corroborated through billions of transactions, empowers critical decisions across our clients’ enterprise needs. More information is available at https://www.home.neustar.