I'm glad I have well water. Not that it protects me, but it provides some insulation in the event that the local water company's systems were hacked and unclean water released. That hacking could happen, and the person in this piece speculates it is happening after a water authority honeypot attracted hackers from all over the world. It's scary to think how the world may change when any individual, as well as any country, could attack our digital systems. It means security is more and more important all the time.
As I read the article, I looked for a positive in the experiment. Was there something to take away from this research? The thing I thought of was the way in which hacker traffic was drawn to this system. Not that hackers were not also investigating other systems, but if honeypots existed, perhaps in enough places, would the additional targets provide more security?
That's an interesting idea. What if you had CRM/Sales/Inventory systems that were available for port scans, and hacks, but didn't connect to banking systems and had test/dummy data? Would a few of these provide some security by luring hackers into spending their resources on these systems instead of real systems? What if you had 4 or 5 instances of SQL Server, probably Express, responding to port scans and providing a relatively easy target? You could monitor these systems, and perhaps be more prepared for real attacks when they occur.
I have long felt that we can't completely eliminate threats and secure our systems from any unauthorized access. What might be worse is that we may not be able to separate real queries from fake ones. What we need is better monitoring and awareness of the traffic to our systems. Perhaps if we had honeypots that we could monitor, we would be able to draw some hacking traffic, identify users that were unauthorized and then use that information to better protect, or audit, our real systems.
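As an added illustration of that last idea (not code from the article or the research it discusses), the sketch below builds a watchlist from connections to decoy SQL Server instances and then audits a real server's login records against it. The log formats, host names and addresses are constructed for the example; the point is that nothing legitimate should ever connect to a decoy, so a single hit is enough to flag a source.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: decoy connection log, "timestamp source_ip decoy port"
DECOY_LOG = """\
2024-05-01T02:14:07 203.0.113.45 decoy-sql-1 1433
2024-05-01T02:14:09 203.0.113.45 decoy-sql-2 1433
2024-05-01T03:40:51 198.51.100.7 decoy-sql-1 1433
2024-05-01T09:02:13 10.0.8.15 decoy-sql-3 1433
"""

# Constructed sample: real server login audit, "timestamp source_ip login result"
PROD_LOG = """\
2024-05-01T01:55:00 10.0.4.20 app_svc OK
2024-05-01T02:20:31 203.0.113.45 sa FAILED
2024-05-01T02:20:33 203.0.113.45 sales_ro OK
2024-05-01T08:59:40 10.0.8.15 jsmith OK
2024-05-01T09:10:02 10.0.8.15 jsmith OK
"""


def build_watchlist(decoy_log):
    """Map each source IP to the first time it touched any decoy."""
    first_seen = {}
    for line in decoy_log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        src, when = parts[1], datetime.fromisoformat(parts[0])
        if src not in first_seen or when < first_seen[src]:
            first_seen[src] = when
    return first_seen


def audit_production(prod_log, watchlist):
    """Return real-server logins from watchlisted sources, grouped by source.

    Each entry is (login, result, timing); timing says whether the login came
    before or after the source's first decoy hit. "before" entries matter too:
    they are activity to audit retroactively once a source is known bad.
    """
    findings = defaultdict(list)
    for line in prod_log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, login, result = parts
        if src in watchlist:
            timing = "after" if datetime.fromisoformat(ts) >= watchlist[src] else "before"
            findings[src].append((login, result, timing))
    return dict(findings)
```

Calling `audit_production(PROD_LOG, build_watchlist(DECOY_LOG))` on the sample data surfaces a successful `sales_ro` login from an external address that had probed two decoys minutes earlier, and an internal host whose earlier `jsmith` session predates its decoy hit and so deserves a look back.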