We should do our best to ensure our network and pipeline perimeters are secure and make it hard for attackers to gain access. However, the reality is that intruders will stop at nothing to gain access, as evidenced by the Uber, CircleCI, and Dropbox breaches, just to name a few.
Common to all of those incidents was the attacker’s behavior once they were inside. Each time they quickly found and exploited hardcoded credentials, giving them further access. Since we know this is something attackers do time after time, it is time to turn this behavior against them by engaging in some blue team cyber deception and start planting honeytokens in our environments.