Cybercrime and cybersecurity are locked in a constant arms race, with criminals trying to illegally profit by exploiting vulnerabilities in the digital economy, forcing businesses to protect their assets by investing in cybersecurity. The total economic damage from cyberattacks is expected to reach $10.5 trillion annually by 2025 – up 300% from 2015 levels, according to a report from McKinsey. To shield themselves from the cybercrime wave, businesses spent around $150 billion in 2021 on cybersecurity, or 12.4% more than the previous year.
However, it still wasn’t enough, as stories about high-profile hackings and breaches hit the news every few weeks, and that doesn’t even include the small and medium businesses that get targeted and never get reported on. Despite businesses spending a huge sum on expensive software, hackers are still able to get around their defenses.
Cybersecurity architect Kevin Cardwell, a US Navy Veteran of more than 22 years and former chief of the Navy’s Command, Control, Communications, Computers, and Intelligence (C4I) division, believes that businesses’ IT teams should rethink how they look at cybersecurity. He lays out his innovative views in his book, Defense and Deception: Confuse and Frustrate the Hackers.
Defense and Deception: Confuse and Frustrate the Hackers
A common saying in cybersecurity circles is that humans are the weakest link in cybersecurity, which is why many successful cyberattacks have been due to social engineering. Proper training can make a workforce more resistant to it, but it takes only one mistake to allow a hacker to get in. This leads to another cybersecurity maxim, which is “attackers are at the advantage because they only have to find one way in.”
Defense and Deception turns that on its head, showing ways to give defenders an advantage in cybersecurity. With more than 25 years’ experience in cyber warfare, in both offensive and defensive roles, Cardwell understands how both sides work. According to Cardwell, his strategy creates an extra line of defense that catches attackers who can slip behind traditional cybersecurity measures.
“In a jungle warfare situation, it is impossible to guard the entire perimeter using sentries, which is why we use tripwires,” Cardwell says. “When someone hits that tripwire, then you know someone’s trying to breach your perimeter. I am applying that same concept to cybersecurity.”
According to Cardwell, when modern malware infects a machine, the first thing it does is phone home and establish a connection to a command and control server. After that, it moves laterally, searching the infected machine’s network for other machines to infect. By placing decoys on the network, Cardwell says cybersecurity teams will be able to catch intruders much more quickly, before they have had enough time to do significant damage.
Cardwell co-founded cybersecurity firm Cyber2 Labs in 2018, and one of its products is a tactical AI hardware decoy, which is a small device that is installed on the network with no other purpose than to catch an intruder. If it receives even a single packet, then it’s a sign that the network has been breached. With enough decoys, there will be a virtual minefield on the network, limiting attackers and forcing them to second-guess their every move. One wrong step and the attackers have to restart the whole process, confusing and frustrating them.
“I believe that the defender has the advantage because we know the network and the attacker doesn’t,” Cardwell says. “If they get on the network, it’s rarely in an optimal place, so they need to look around for the things they need. Poorly designed networks are predictable and attackers can easily figure things out. However, a well-designed network forces them to waste time analyzing it, giving the defender time to conduct isolation and the incident response.”
Once an attacker has been found out, well-designed networks should have what Cardwell calls watertight integrity. This term comes from the navy, referring to the capability to isolate sections of a ship that have incurred damage, preventing water from spreading to the rest of the ship’s interior and sinking it. A network with watertight integrity will still be able to function even if a section is isolated to limit the scope of an attack.
Since retiring from the Navy, Cardwell has served as a cybersecurity advisor to several national governments on various continents and wrote the penetration testing certification program for the International Council of Electronic Commerce Consultants (EC-Council). He is an adjunct professor at the University of Maryland Global Campus (UMGC) and an instructor at the University of California Los Angeles (UCLA). He is also planning to release an updated edition of Defense and Deception soon, given the need to reinvent how cybersecurity is conducted. Aside from his other books, Cardwell teaches various cybersecurity courses on the Udemy, Coursera, and Pluralsight platforms.
“Most cybersecurity monitoring solutions struggle with high amounts of false positives,” Cardwell says. “These false positives can make defenders complacent and ignore the warning signs of a real attack. With decoys, if something talks to that decoy, that's always a true positive. This switches the advantage to the defender because one packet is all we need, and that is a really powerful way of catching attackers. Having written Defense and Deception, I believe that reading and applying even just half of the book will allow you to block 90% of the attacks. In the event an attacker gets in, you can isolate them and limit their damage.”
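The tripwire logic Cardwell describes (any packet to a decoy is a true positive, and the contacting host is what you isolate), as an added example that is not code from the book or from Cyber2 Labs: a detector that flags every flow whose destination is a decoy address and turns the hits into an isolation list. The decoy addresses and the flow records are constructed sample data.

```python
from dataclasses import dataclass

# Added example, not Cyber2 Labs code. Decoy addresses and flows are constructed.
DECOYS = {"10.0.5.200": "decoy-finance-vlan", "10.0.9.17": "decoy-ot-segment"}

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto".
SAMPLE_FLOWS = """\
2024-03-01T08:00:01 10.0.5.23 10.0.5.10 445 tcp
2024-03-01T08:00:03 10.0.5.23 10.0.5.200 445 tcp
2024-03-01T08:00:04 10.0.5.23 10.0.5.201 445 tcp
2024-03-01T08:00:09 10.0.5.23 10.0.9.17 22 tcp
2024-03-01T08:01:30 10.0.7.4 10.0.5.10 443 tcp
"""

@dataclass(frozen=True)
class Alert:
    when: str
    source: str
    decoy: str
    decoy_name: str
    port: int

def detect_decoy_contacts(flows_text, decoys=DECOYS):
    """One Alert per flow whose destination is a decoy.
    No legitimate host ever talks to a decoy, so a single packet is enough
    evidence: there is no threshold or baseline to tune.
    """
    alerts = []
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _proto = line.split()
        if dst in decoys:
            alerts.append(Alert(ts, src, dst, decoys[dst], int(port)))
    return alerts

def isolation_plan(alerts):
    """Per source host: first contact time and decoys touched, i.e. the hosts
    to cut off from the rest of the network (the 'watertight integrity' step)."""
    plan = {}
    for a in alerts:
        entry = plan.setdefault(a.source, {"first_seen": a.when, "decoys": []})
        entry["decoys"].append(a.decoy_name)
    return plan

if __name__ == "__main__":
    found = detect_decoy_contacts(SAMPLE_FLOWS)
    for a in found:
        print(f"{a.when} TRUE POSITIVE {a.source} -> {a.decoy} ({a.decoy_name}) port {a.port}")
    print(isolation_plan(found))
```

The only way this detector produces a false positive is a mislabelled decoy address, so the DECOYS map must be kept in step with the inventory of deployed decoys.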