CyberTrap FAQ #8 Deception sounds interesting but we view it as a “nice to have” and not a “must have”

In theory, this statement could apply to any security technology. The question is really one of prioritization.

When considering the prioritization of security technologies, organizations often look to laws and regulations to determine where to focus. If a law or regulations states that “technology X” must be deployed, it will be. Similarly, many organizations look to industry standards. There are, however, not information security-related laws, regulations, or standards that allow attackers to remain on our networks for 9 months. Knowing that traditional security controls are not sufficient (e.g., Ponemon Institute Cost of a Data Breach report, FireEye M-Trends report), the inability to accurately and quickly detect and respond to breaches can be considered a compliance failure.

The fact that a technology/strategy exists in cyber deception, which has been proven to significantly reduce detection times, means that, rather than needing a reason to prioritize deception, organizations must have a reason not to prioritize deception. Otherwise, the failure to implement a known and effective control to address a known risk could be considered negligence.

"Why would they attack us?" is never a question an attacker would ask, they look for any easy target - no matter what the branch/size/revenue of the organization.

If you want to make sure, your Company is protected - find out more about our products here www.cybertrap.com