What Feds Can Learn from the Cyberattacks in France

During the run-up to this year’s elections in France, Russian hackers targeted the campaign of now-President Emmanuel Macron. They compromised the campaign’s networks and stole thousands of emails, but Macron avoided significant political fallout, at least in part because the breach did not contain inflammatory material.

Yes, this is a testament to how Macron ran his campaign, but it is also likely due to the difficulties attackers had in finding sensitive data.

Macron’s digital director told The New York Times that his team used what he called a “cyber blurring strategy.” This meant creating fake content and accounts to confuse and distract attackers from valuable material.

For feds, this is a critical lesson.

Adopting best practices can go a long way in preventing most attacks. Still, some organizations put up obstacles to make it harder for attackers once they are inside the network.

Agencies can follow the example set by the Macron campaign by creating dummy accounts and content to attract attackers’ attention. A more complex option is to create false trails for attackers to follow. With the right terminology, IT staff can suggest the presence of high-value assets, with each false lead encouraging attackers to continue to the next.

This approach wastes attackers’ time, distracts from truly sensitive content and forces them to spend time distinguishing false content from real. Organizations can run such efforts with their own staff or with the assistance of IT security companies.

Deception Technology Makes Attackers Run in Circles

For some agencies, internal initiatives are sufficient. They won’t stop a determined attacker but will slow the effort. Organizations that face skilled attackers can take deception technology to the next level by working with private sector experts.

Here, deception technology means the creation of complete shadow networks to trick attackers into thinking they are in the real networks. Administrators place traps, decoys and lures among existing infrastructure and imitate a range of machines and devices to create a convincing profile. Some technology, such as service gateways, comes with deception technology built in. Some deception technology firms offer turnkey services with a high degree of automation that require little effort to deploy or to operate.

This level of deception technology can warn organizations when an attacker has breached their networks.

Catch Malicious Attackers Before They Erase Digital Tracks 

When intruders engage a trap, they trigger an alert allowing organizations to quickly respond. This is an improvement over the alternative, when it often takes many months for an agency to even realize a breach has occurred.

Traps can also record attacks as they happen. The technology can conduct automatic analysis of any malicious code used and help create a profile of the attackers’ behavior. Attackers typically erase their tracks, so the option to monitor attacks as they take place is helpful in identifying new methods of sabotage and in creating profiles to assist in attribution efforts.

Deception technology may also identify infrastructure used by attackers and automatically isolate and block suspected endpoints. This can stop or slow an attack shortly after it is identified and provide further data to help with the always-challenging task of attribution.

Agencies’ first step should be adopting established best practices. But even top-of-the-line protection does not equate to 100 percent protection. Quickly identifying and mitigating intrusions with deception technology will go a long way toward improving an agency’s chances of not becoming a victim.

This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.