
Security Think Tank: Build in controls to protect against data integrity attacks

What types of organisations are likely to be targeted by data integrity breaches, and how best can they detect and mitigate such attacks?

The year 2017 will increasingly see attacks on the integrity of the data that is the fuel of a digital economy. Organisations and groups will increasingly seek to target organisations online and tamper with their data for financial gain.

This is a particular problem for any industry which has high-value data or digital assets. We have all seen high-profile examples, such as the theft of millions of customer accounts from banks.

3D printing will be an increasingly central part of the manufacturing industry for everything from personalised products to drones and car parts.

Its advantages are huge, enabling companies to avoid outsourcing to overseas plants, which will make many products cheaper and allow companies to build far more niche, personalised products.

But the millions of lines of code inside printable files also contain vital IP and industry secrets, such as design specifications that cannot be leaked. This will make them an attractive target for attackers attempting to “modify” the data to undermine competitors and commit “industrial sabotage by cyber attack”.

There is currently no universal cyber security quality assurance built into 3D printing software and printers to alert manufacturers if design specifications have been changed.

If manufacturers and users are to protect themselves against this, they must develop and adhere to a universal industry-wide cyber security gold standard for all 3D printers and software.

Cyber security must be baked into software and printers at the design stage in accordance with this commonly agreed standard so there is an easy way for customers to tell whether their 3D printer files come from a quality assured source.

Hospitals unfortunately continue to provide a very attractive target for ransomware attacks seeking to corrupt data because of the vital importance of the patient data they hold.

This means that hospitals are more likely to pay up, since a data breach is not merely a reputational or financial issue for them but a matter of life or death. Hackers could modify patient records by, for example, deleting allergy information and nobody would know which records had been changed or when.

The first thing hospitals must do to protect patient data is to develop a commonly agreed definition of what they mean by patient records, whether this should mean notes from the GP or clinicians at the hospital or whether this should refer to a single file containing each person’s entire medical history.

They should then decide whether this information should all be consolidated in one place and given the same level of security.

The move to digital records has created far-reaching opportunities to access the information, which means that everyone handling patient data now needs to have a basic level of cyber security understanding. One poorly trained hospital staff member can put a patient’s confidentiality and health at risk.

These are just two examples of how attacking the integrity of information can have far-reaching implications for organisations, users and governments.

Cyber security controls must be built into new systems and retrofitted to in-service systems if we are to protect the integrity of the data that underpins our knowledge economy.
