
How Honeypots and Canary Files Catch Attackers Before They Strike
From The Backup Wrap-Up by W. Curtis Preston (Mr. Backup)
May 11, 2026 · 34 min
About this episode
The episode discusses how honeypots and canary files can be used as effective tools in cybersecurity to detect attackers before they strike.
Honeypots and canary files are two of the most underused tools in cybersecurity — and in this episode, Dr. Mike Saylor and I break down exactly how they work and why you should be using them. The short version: they're tripwires. They tell you a bad guy is poking around your network before anything gets encrypted. Mike walks through his layered security analogy, explains the three different ways organizations use honeypots — learning attacker tactics, distraction, and testing — and then we get into canary files: what makes them different from a honeypot, how they beacon home when stolen, and why clock synchronization matters more than most people think if you ever want that evidence to hold up. We also cover how to stand one up without a big budget, what tools are available, and why something is absolutely better than nothing. Plus, Mike and I have news about our new O'Reilly book, Learning Ransomware Response and Recovery. 0:00 - Intro and book news 1:09 - Meet the crew 3:45 - Security is all about layers 9:22 - What are honeypots and canary files? 11:00 - Three ways honeypots work for you 13:17 - Real-world examples: bait cars and glitter bombs 15:20 - Making your honeypot…
People in this episode
Host: W. Curtis Preston
Guest: Dr. Mike Saylor
Topics covered
- cybersecurity
- honeypots
- canary files
- layered security
- network protection
Keywords
- honeypots
- canary files
- cybersecurity tools
- network security
- attack detection
Mentioned in this episode
Books & works: Learning Ransomware Response and Recovery
More episodes of The Backup Wrap-Up
- California Election Counting Explained by an Actual Poll Worker · June 8, 2026 · 25 min
- Stop 90% of Ransomware Attacks with Basic Cyber Hygiene · May 25, 2026 · 40 min
- Claude Deletes a Company — But It's Not Really Claude's Fault · May 18, 2026 · 40 min
- Network Segmentation to Prevent Ransomware: What the UCSF Attack Taught Us · May 4, 2026 · 47 min
- Stop Using VSS as a Backup Before Ransomware Deletes Your Shadow Copies · April 27, 2026 · 37 min
- Ransomware Sanctions, OFAC, and the Lazarus Group: A Real Case Study · April 20, 2026 · 37 min
Explore listener stats, chart rankings, contacts and more on the The Backup Wrap-Up podcast page.