The NCSC touts honeypots and ‘cyber deception’ tactics as the key to combating hackers — but they could ‘lead to a false sense of security’
Trials to test the real-world effectiveness of cyber deception solutions have produced positive results so far
Honeypots and cyber detection tools can be highly effective at disrupting cyber attacks, according to the UK’s National Cyber Security Centre (NCSC), but enterprises should prepare for serious risks.
Over the last year, the NCSC has run a series of cyber deception trials, spoken to users, and analyzed the results to work out whether such tactics can increase observability, improve threat hunting, and even influence how attackers behave.
The trials involved 121 organizations from across the UK, 14 commercial providers of cyber deception solutions, and 10 product trials across different environments, from cloud deployments to operational technology.
So far, the NCSC said it's clear that cyber deception can work - but it’s not always easy. While most organizations reckoned that cyber deception could offer real value, particularly in detecting novel threats and enriching threat intelligence, there was a lack of outcome-based metrics.
"As with any observability and threat hunting methods, the effectiveness of cyber deception depends on having the right data and context," said the NCSC.
"We found that cyber deception can be used for visibility in many systems, including legacy or niche systems, but without a clear strategy, organizations risk deploying tools that generate noise rather than insight."
Terminology is also a bit of a problem, with vocabulary across the industry often inconsistent, making it harder for organizations to understand what’s on offer or even what they’re trying to achieve. The NCSC said it now plans to standardize its cyber deception vocabulary.
Similarly, organizations may be missing a trick by failing to publicly announce that they use cyber deception - only 10% do. Some research suggests that when attackers believe cyber deception is in use, they are less confident in their attacks.
"This can impose a cost on attackers by disrupting their methods and wasting their time, to the benefit of the defenders," said the NCSC.
Notably, the NCSC’s research indicated that many organizations don't know where to start, and could really benefit from impartial advice, real-world case studies, and reassurance that the tools they’re using are effective and safe – something the agency said it will aim to provide.
Cyber deception is risky business
The NCSC warned that the trial scheme also highlighted significant risks, particularly the danger of misconfiguration.
If cyber deception tools aren’t properly configured, they may “fail to detect threats or lead to a false sense of security”.
Worse still, these tools could create openings for attackers, the agency noted.
"As networks evolve and new tools are introduced, keeping cyber deception tools aligned requires ongoing effort. It is important to consider regular updates and fine-tuning cyber deception solutions."
Regardless, the NCSC said there's still a strong case for the use of cyber deception – particularly its potential to impose cost on adversaries.
By forcing attackers to spend time and resources navigating false environments, chasing fake credentials, or second-guessing their access, it can slow down attacks and increase the chances of detection.
"Cyber deception isn’t new, but neither is it widely used, and that’s a missed opportunity," the NCSC concludes. "When done well, it can provide early warning of attacks, generate high-quality intelligence, and shape how our adversaries operate. But it’s not a magic fix; it requires planning, strategy, and support."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.


