Abstract
Cyberattacks have increasingly posed a significant threat to the cyber-infrastructure of organisations. Hackers are drawn to exploiting known network vulnerabilities due to the potential rewards of uncovering and acquiring valuable data stored within these organisations. To address this issue, security teams can design and implement sophisticated security tools to defend against cyberattacks, among which honeypots are particularly noteworthy. Honeypots are designed to attract intruders, allowing them to interact with the system while effectively isolating them from impacting the actual production and service systems of the organisation. Ultimately, honeypots gather and log data related to the intruder and the attack, providing vital information that can be analysed to enhance defences against similar incidents.
However, the implementation of modern privacy laws presents challenges concerning the data logged by high-interactive honeypots. The primary aim of this study was to develop conceptual guidelines to assist organisations in adhering to the Protection of Personal Information Act (POPI Act) and General Data Protection Regulation (GDPR) concerning the processing of data obtained through high-interactive honeypots. The POPI Act was chosen because of its familiarity as the privacy law that governs the processing of sensitive data belonging to South African citizens; the regulations found within the legislation were already known when the research needed to understand the privacy concerns raised by honeypots was conducted. Similarly, the GDPR was used because it is the most well-known privacy law, setting the “standard” with its strict rules being enforced on big tech companies that collect and utilise the sensitive data of European Union (EU) citizens. This study investigates the limitations associated with processing such data, drawing on relevant literature regarding the POPI Act and the GDPR.
The findings from this literature review were further enriched by a comparative analysis of the two laws, highlighting key similarities and differences in their requirements. Additionally, a review of related works offers insights into the history and evolution of honeypots, complemented by practical experience gained through the installation, configuration, and interaction with a high-interactive honeypot (observations). This hands-on approach facilitated a deeper understanding of the tool's functionality and the types of data it monitors and logs. Consequently, this study explored the privacy and legal implications of processing data collected by honeypots, viewed through the lens of privacy laws established by the South African and the European Union governments.
This study presents a comprehensive set of guidelines for the collection of data through honeypots, ensuring that the processes for collection, storage, and analysis of sensitive data are in alignment with the requirements of the POPI Act and the GDPR. The purpose of these guidelines is to provide organisations with recommendations for the compliant collection of honeypot data in accordance with these privacy laws. Furthermore, they aim to help organisations understand their obligations and the potential repercussions of any violations. The effectiveness of these guidelines was assessed through a review involving experts in the cybersecurity field, including cybersecurity engineers and data governance specialists, who evaluated the recommendations outlined within. Following the evaluation, the proposed guidelines were revised and improved.
Keywords: Honeypot, POPI Act, GDPR, privacy, cyberattacks, intruder, intrusion, organisation, individual, sensitive data