Monday, July 16, 2012

Honeytokens being used in real world

A very interesting case of honeytoken deployment in this Network World article today. Here's what they did:

Here's what happened. We use Salesforce.com as the single repository for information about all of our current customers, potential sales opportunities, sales forecasts and more. It's all highly sensitive material and not anything we'd like our competitors to get their hands on.

That's why one of our marketing executives was worried when she called me into her office earlier this week. She had received a marketing email from one of our competitors. The interesting thing about this email was that it was sent to all of the dummy, or "honey token," email accounts that we had set up in Salesforce for testing purposes. The implication was that the email had also gone to all of our legitimate customers and that this competitor somehow had gotten access to the information in our Salesforce deployment.

 

XaaS, and cloud services in general, are fertile terrain for honeytoken deployment. Don't forget them as tools to complement your DLP strategy!
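The detection side of the case above can be sketched as follows. This is an added example, not code from the article or from this blog: it checks inbound mail recipients against a honeytoken list and reports which external senders reached them. All addresses, domains and repository names are constructed, and seeding different tokens in different repositories goes one step beyond the single Salesforce deployment in the article so that a hit also points at the leaked data set.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed honeytokens, each seeded in exactly one (hypothetical) repository.
HONEYTOKENS = {
    "j.alder@tokens.example.net": "crm-contacts",
    "m.birch@tokens.example.net": "crm-contacts",
    "p.cedar@tokens.example.net": "billing-export",
}
# Constructed inbound messages standing in for the mail gateway's feed.
SAMPLE_MAIL = [
    "From: Promo <news@rival.example.com>\nTo: J Alder <J.Alder@tokens.example.net>\nSubject: Offer\n\nHi",
    "From: news@rival.example.com\nTo: m.birch@tokens.example.net\nSubject: Offer\n\nHi",
    "From: it@corp.example.org\nTo: staff@corp.example.org\nCc: p.cedar@tokens.example.net\nSubject: Test\n\nHi",
    "From: friend@other.example.org\nTo: real.user@corp.example.org\nSubject: Lunch\n\nHi",
]
INTERNAL_DOMAINS = {"corp.example.org"}  # assumed: our own test mail is not a leak


def honeytoken_hits(raw_messages):
    """Return {sender_domain: {repository: set(token addresses hit)}}."""
    hits = defaultdict(lambda: defaultdict(set))
    for raw in raw_messages:
        msg = message_from_string(raw)
        domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        if domain in INTERNAL_DOMAINS:
            continue  # internal testing may legitimately touch the dummy accounts
        headers = msg.get_all("To", []) + msg.get_all("Cc", [])
        for _, addr in getaddresses(headers):
            repo = HONEYTOKENS.get(addr.lower())  # match case-insensitively
            if repo:
                hits[domain][repo].add(addr.lower())
    return {d: dict(r) for d, r in hits.items()}


def alerts(raw_messages):
    """One alert line per (sender domain, repository) with token coverage."""
    seeded = Counter(HONEYTOKENS.values())
    out = []
    for domain, repos in sorted(honeytoken_hits(raw_messages).items()):
        for repo, addrs in sorted(repos.items()):
            out.append(f"{domain} reached {len(addrs)}/{seeded[repo]} tokens seeded in {repo}")
    return out


if __name__ == "__main__":
    print("\n".join(alerts(SAMPLE_MAIL)))
```

A sender that reaches every token seeded in one repository, as in the sample data, is a much stronger signal of a bulk export than a single stray hit.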

Tuesday, July 10, 2012

Simple and effective

Although there's no hard evidence for any of the tips from the links below (and it would be nice to collect that!), I've always liked simple security interventions that can reduce risk without the associated cost of implementing new tools or processes. It was interesting to see, in the same week, two separate posts with "cheap" security measures that can help a lot for anyone who doesn't want to be the low-hanging fruit. Enjoy:

http://www.netspi.com/blog/2012/07/09/5-ways-to-find-systems-running-domain-admin-processes/

http://www.networkworld.com/research/2012/070912-10-crazy-it-security-tricks-260746.html?page=1

Tuesday, July 3, 2012

"We are not a target"

Yes, you are. Security professionals should be educating executives who make that mistaken assumption, helping them understand how valuable their IT infrastructure is by itself, no matter what data is there. Brick-and-mortar criminals steal fast cars to use when robbing a bank; it’s the same thing for servers on the Internet, email accounts, FTP and web sites. They might not be valuable for the data they hold, but they are valuable tools to be used in attacks against others.

Even targeted malware (such as Flame or Stuxnet) can still cause you problems, IT downtime being the most common issue, even if you are not the original target, as most of it doesn’t include checks to confirm it is running only on its intended targets. Even silly stuff, like malware created to steal World of Warcraft credentials, will still affect your systems and can cause issues. Even if it is “benign” for you, it’s someone else’s code (and someone not trustworthy at all) running on your computers.

So, forget about “We’re not a target”. Even if your data doesn't make you one, you still are, just because you are connected.