Deception technology crucial to unmasking data theft

March 2024 Information Security, Security Services & Risk Management


Iniel Dreyer.

The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation. As the term implies, the exfiltration of data from corporate networks is often done without even the target themselves being aware of the attack. In such cases, cybercriminals only want to steal personal information—without being detected. This data is then sold for a tidy profit.

While the Protection of Personal Information Act (PoPIA) in South Africa was designed to safeguard personal data from theft, misuse, and malicious activities, the legislation cannot be applied to undetected and thus, unreported attacks.

Unlike a ransomware attack, the ‘silent theft’ of data does not involve financial extortion and the encryption of information. Instead, hackers steal valuable data from organisations to sell on the dark web. This illicit practice is largely behind the proliferation of spam calls and marketing that flood ordinary people's lives, not to mention the increase in banking fraud.

Lack of alignment

The gap between PoPIA's aims and companies’ approaches to data protection can be found in the lack of alignment between the business and IT divisions' goals. The business, which has certain legal requirements to meet in terms of data privacy, must be able to rely on the IT division to ensure compliance.

Unfortunately, the two divisions often talk past each other, resulting in the acquisition of technology tools and solutions that ultimately do not meet business needs. Since the money has been spent, companies tend to try to reverse-engineer the solutions to make them work, which is often when things go wrong.

Most organisations only realise they have been compromised when they are asked for a ransom, so ‘silent theft’ continues undetected. That is because most organisations do not have the right security tools in place to detect this type of attack.

To defeat attackers whose aim it is to stay on a corporate network for as long as they can before being caught, organisations must look towards deception technology, which will help them respond proactively to an infiltration before any real damage is done. With data theft, it is crucial to be proactive as, once the information is stolen, nothing can be done about it.

Fooling the hacker

Deception technology deploys honeypots, which are fake assets and systems on an organisation’s network that a hacker perceives as a real system. These decoys can imitate any IT equipment or applications and typically have a vulnerability that makes them tempting to attack.

When attacked, honeypots will alert the network administration team that an intrusion has been detected. Deception technology can also detect the origin of the attack, where access was gained to the network, and the type of device used to carry out the hack. This allows IT teams to take the necessary steps to prevent the attackers from causing any real harm.

It is key that companies have a security framework and posture in place, and must understand what products they have and whether these meet their specific requirements for cyber resiliency. Cyber resiliency enables companies to defend against cyberattacks, and part of this is proactive data management to prevent unauthorised access to sensitive data.

A backup and recovery strategy is not enough to stop the ‘silent theft’ of data. A more proactive stance should be adopted through the deployment of deception technology. However, organisations must ensure that they engage a competent service provider to implement and support cyber resiliency within their environment.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...
Are AI agents a game-changer?
Information Security
While AI-powered chatbots have been around for a while, AI agents go beyond simple assistants, functioning as self-learning digital operatives that plan, execute, and adapt in real time. These advancements do not just enhance cybercriminal tactics, they may fundamentally change the battlefield.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.