Showing posts from December, 2017

Deception in Cybersecurity

When it comes to deception, the goal is forced misperception on adversaries – leading them to act in an inefficient manner, where the party that holds access to the largest amount of information is therefore able to move more effectively towards their objective. Information asymmetry provides this imbalance of power where one party is privy to information that the other party is not. Deception is the process of forced information asymmetry and is often complex and involves careful planning to maximize benefits and mitigate potential risks. Role of Deception In cyber security, deception is typically applied as the second-to-third line of defense to detect, prevent and respond to adversaries offering unique advantages where adversaries are often forced to evolve their exploitation strategies to reach objectives. The typical goal of deception is focused on forcing asymmetry in terms of resources (time, CPU power, money) through: a)       Using false information to mislead a