Simulation-Based Cyber Data Collection Efficacy
This addresses cybersecurity risks for small businesses by challenging assumptions about default security efficacy, though it is incremental as it builds on prior honeynet research.
The study tested whether a small business network with default security settings would be hacked when connected to the public Internet, and found that no actors were able to break in over a two-and-a-half-year period.
Building upon previous research in honeynets and simulations, we present efforts from a two-and-a-half-year study using a representative simulation to collect cybersecurity data. Unlike traditional honeypots or honeynets, our experiment utilizes a full-scale operational network to model a small business environment. The simulation uses default security configurations to defend the network, testing the assumption that given standard security baseline, devices networked to the public Internet will necessarily be hacked. Given network activity appropriate for its context, results support the conclusion that no actors where able to break in, despite only default security settings.