Protecting Your Business Data Using Fake Information

Uploaded on 2021-10-20 in TECHNOLOGY--Resilience, FREE TO VIEW

Technology has played a crucial role in allowing us to work from home during the coronavirus pandemic, 
Working remotely with confidential data is is risky under most circumstances and throughout the Coronavirus pandemic there has been an increase in hacking and an increase in the number of companies falling victim to ransomware. 

Cyber criminals have been very quick to adapt their efforts to steal access to information and systems. 

Hackers constantly improve at penetrating cyber defenses to steal valuable documents. So some researchers propose using an artificial-intelligence algorithm to hopelessly confuse them, once they break-in, by hiding the real deal amid a mountain of convincing fakes.

Like regular phishing, spear phishing emails appear to come from a trusted or familiar source. The criminals gather personal information about the target and modify their message to make it look legitimate. Using this critical  information cyber criminals can hack user accounts, email accounts, addresses, names, IP addresses, or take over personal devices. Fraudsters then use the stolen personal details to present themselves as real customers andn use these details to make fraudulent purchases, create fake customer accounts, or manipulate traffic.

If you operate a business online, there are various types of fraudulent activity to be aware of.

  • The most extreme of these include cyberbot attacks, which operate on a massive scale and can access millions of online accounts. 
  • Corporate identity fraud occurs when a fraudster impersonates a legitimate business using fake or stolen company identity and/or financial information to obtain goods, money or services.  
  • A business may be impersonated using phishing emails, bogus websites and/or false invoices. Sometimes a fraudster will even change company details with government agencies such as UK Companies House.

Now an algorithm, called Word Embedding–based Fake Online Repository Generation Engine (WE-FORGE), generates decoys to confuse and frustrate criminals. 

This algorithm can “create a lot of fake versions of every document that a company feels it needs to guard,” says its developer, Dartmouth College cyber security researcher V. S. Subrahmanian. If hackers were after, say, the formula for a new drug, they would have to find the relevant needle in a haystack of fakes. This could mean checking each formula in detail, and perhaps investing in a few dead-end recipes. “The name of the game here is, ‘Make it harder,’” Subrahmanian explains. “‘Inflict pain on those stealing from you.’” 

The system produces convincing decoys by searching through a document for keywords. For each one it finds, it calculates a list of related concepts and replaces the original term with one chosen at random. The process can produce dozens of documents that contain no proprietary information but still look plausible. 

Subrahmanian says he tackled this project after reading that companies are unaware of new kinds of cyber attacks for an average of 312 days after they begin. 

Fraud Advisory Panel:   Met Police:     I-HLS:     NIBusinesInfo:    RightDigitalSolutions:     EmailHippo

If you are unsure how to make your client, financial and operational data totally secure, you should ask an expert in cyber security and digital workflow. Contact Cyber Security Intelligence for  advice and recommendatios on improvi ng your organisation's reslieience.

You Might Also Read: 

Secure Your Personal Email & Social Media Accounts:

 

« International Effort To Reduce Ransomware Attacks
New Report: Average SIEM Deployment Is Over 6 Months »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Hex Security

Hex Security

Hex Security Limited is a specialist Information Assurance (IA) consultancy working with associates and partners to deliver security certification and accreditation support.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

Cloud53

Cloud53

Clolud53 is a Manchester based Managed Cyber Security & Cloud company providing solutions focused around you.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Acrisure

Acrisure

Acrisure is powered by the best of human and high-tech and offers insurance, reinsurance, real estate, cyber and more solutions to millions of clients around the world.

Censinet

Censinet

Censinet provides the first and only third-party risk management platform for healthcare organizations to manage the threats to patient care that exist within an expanding ecosystem.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

Security Risk Advisors (SRA)

Security Risk Advisors (SRA)

Security Risk Advisors deliver cybersecurity services to leading companies in the Financial Services, Healthcare, Pharmaceuticals, Technology and Retail industries.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.

DarkHorse Security

DarkHorse Security

DarkHorse exists to make it easy and affordable for organizations to be able to identify their cybersecurity vulnerabilities.