102: A Bear in the HoneyDocs—Knowing a Cyber-Attack When You See It

By C3 Staff
Jun 2, 2021

Cyber incidents and attacks are not primarily a technology problem—they are a people problem. Last week my colleague Chris Wallace discussed Verizon’s 2021 Data Breach Investigations Report, specifically its relevance to small businesses and the need for those businesses to find a trusted cybersecurity advisor. Now we turn our attention to both the key weakness and the critical element in cybersecurity: people.

85% of breaches involved a human element in 2020.[1] That means us—we are the human element. And within at least four sectors—health care, public administration, finance, and education—there was an additional common element: email. The truth of our technological age is that email is the ubiquitous, efficient, and “not going away anytime soon” (despite major attempts by tech companies to replace it) bridge between individuals and companies. It is no surprise, then, that “phishing remains one of the top Action varieties in breaches and has done so for the past two years”.[2] In other words—think before you click a link, open an attachment, or even respond.

A cyber incident (a change in a system that negatively impacts the organization, municipality, or business) or breach (an impermissible use or disclosure that compromises the security or privacy of protected information) can appear in different ways. A financial report can be leaked through a typo in an email address. A well-worded pretext (a malicious actor creating a false context or identity for some type of gain, usually financial) can prompt a money transfer—and does. Pretexting accounts for over 80% of the social engineering attacks in education.[3]

We need a plan for cyber resilience—what is going to happen when (not if) they get in? There are a few Reasonable and Prudent basic steps: validated “air-gapped” system back-ups, two-factor authentication, email security solutions, and training your organization to recognize and respond to phishing and malware attacks. Another step, and our Reasonable and Prudent action for today, is placing ‘HoneyDocs’ in your network.

When a malicious actor enters your network, they’re like a bear headed for a honeypot. HoneyDocs are documents containing fake but delicious-looking information, placed specifically to detect intruders. Beyond recording the IP addresses that touch them, HoneyDocs alert the administrator the moment they are accessed, allowing much faster detection and reaction. As a malicious actor moves laterally across the network, HoneyDocs serve as an early alarm system. With well-designed HoneyDocs on your network, and decoy admin accounts in your Active Directory and email systems that no legitimate user should ever touch, any access to those documents or accounts is a very strong indicator of compromise: a cyber-attack. Because the HoneyDocs are monitored, the moment the bad guys hit those files your administrator learns that something nefarious is happening. This early warning signal is absolutely vital to your response strategy.
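The alerting half of the HoneyDoc idea is just a watch on the audit trail: any read of a decoy file, or any use of a decoy account, becomes an alert carrying the user and source address. The script below is an added example, not code from the Carolina Cyber Center post; the single-line log format, the file-share paths, the account names (`svc_backup_admin` as the decoy, `svc_backup` as the one legitimate backup job allowed to touch the decoy files) and the IP addresses are all constructed for illustration. It also records the distinct source addresses behind the alerts, since the post notes that HoneyDocs track IP addresses.

```python
"""HoneyDoc / honey-account access detection over audit-style log lines.

Added example, not from the original post. Log format, paths, account
names and IP addresses below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed decoy file paths; compared case-insensitively because
# Windows file shares are case-insensitive.
HONEYDOCS = frozenset(p.lower() for p in (
    r"\\fileserver\finance\Q3_payroll_DRAFT.xlsx",
    r"\\fileserver\hr\executive_bonus_plan.docx",
))

# Constructed decoy account that no person or process should ever use.
HONEY_ACCOUNTS = frozenset({"svc_backup_admin"})

# Constructed accounts permitted to touch HoneyDocs (the nightly backup job),
# so routine scans do not fire alerts. Keep this list as short as possible.
ALLOWLISTED_READERS = frozenset({"svc_backup"})

# One record per line: <timestamp> user=<u> src=<ip> action=<a> object="<path>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) '
    r'action=(?P<action>\S+) object="(?P<obj>[^"]*)"$'
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    user: str
    src_ip: str
    reason: str   # "honeydoc_access" or "honey_account_use"
    detail: str


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per record that touches a HoneyDoc or uses a honey account."""
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a record in the expected format
        user = rec["user"].lower()
        if user in HONEY_ACCOUNTS:
            alerts.append(Alert(rec["ts"], rec["user"], rec["src"], "honey_account_use",
                                f"{rec['action']} on {rec['obj']}"))
        if rec["obj"].lower() in HONEYDOCS and user not in ALLOWLISTED_READERS:
            alerts.append(Alert(rec["ts"], rec["user"], rec["src"], "honeydoc_access",
                                f"{rec['action']} {rec['obj']}"))
    return alerts


def source_ips(alerts: Iterable[Alert]) -> Set[str]:
    """Distinct source addresses behind the alerts, for the responder's first look."""
    return {a.src_ip for a in alerts}


# Constructed sample: an ordinary read, a HoneyDoc read (different case),
# a decoy-account logon, an allowlisted backup touch, and an ordinary write.
SAMPLE_LOG = r"""
2021-06-01T09:12:03Z user=jdoe src=10.0.4.21 action=read object="\\fileserver\hr\handbook.pdf"
2021-06-01T09:14:47Z user=jdoe src=10.0.4.21 action=read object="\\fileserver\finance\q3_payroll_draft.xlsx"
2021-06-01T09:15:02Z user=svc_backup_admin src=10.0.9.77 action=logon object="DC01"
2021-06-01T09:16:10Z user=svc_backup src=10.0.1.5 action=read object="\\fileserver\finance\Q3_payroll_DRAFT.xlsx"
2021-06-01T09:17:30Z user=asmith src=10.0.4.30 action=write object="\\fileserver\hr\timesheets.xlsx"
"""

if __name__ == "__main__":
    found = detect(SAMPLE_LOG.strip().splitlines())
    for a in found:
        print(f"ALERT {a.timestamp} {a.reason}: {a.user} from {a.src_ip} ({a.detail})")
    print("sources:", sorted(source_ips(found)))
```

Two design points matter in practice: the decoy paths are compared case-insensitively so an attacker browsing the share with a differently-cased path still trips the alarm, and the allowlist exists only because backup and indexing jobs will read every file on a share; anything broader than that turns the HoneyDoc back into an ordinary file.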

Spotting cyber weaknesses means diligence with cyber hygiene—complex passwords, careful checks and balances within business processes, and more. But being vigilant also means having a plan for resilience if a cyber-attack strikes your organization. Cybersecurity is for everyone, and it doesn’t have to be overwhelming.

At the Carolina Cyber Center, we want to help equip you to defend your data. Don’t hesitate to contact us with your cybersecurity questions! Interested in becoming a cyber professional? Apply for a Carolina Cyber Center Academy cohort beginning this summer here and become a trained Cyber Analyst!

[1] Verizon 2021 Data Breach Investigations Report, pg. 7. https://www.verizon.com/business/resources/reports/dbir/2021/
[2] Ibid., pg. 16. https://www.verizon.com/business/resources/reports/dbir/2021/
[3] Ibid., pg. 74. https://www.verizon.com/business/resources/reports/dbir/2021/
