Security Think Tank: Data integrity attack could happen to any company

What type of organisations are likely to be targeted by data integrity breaches and how best can they detect and mitigate against such attacks?

We are all becoming familiar with denial of service attacks, data exfiltration (data extrusion) attacks and ransomware attacks that aim to deny us access to our data, but what about attacks on a company’s data integrity?

The question to ask is whether we are talking about security breaches that modify company data or a company’s integrity in the marketplace – or both. Which companies might be subject to an integrity attack, and how might those companies detect and mitigate against such an attack?

A campaign of misinformation saying that company X’s data had been corrupted, particularly if it reached media outlets, would be no less devastating than an actual security breach, and would inevitably impact a PLC’s share price. This would put the perpetrators in a good position for financial gain by betting on share price movement. 

How would a company counter this sort of attack? A good public relations department or firm would monitor social media and news channels to detect the initial phases of such a campaign and act swiftly to counter the misinformation.

Where such a campaign was coupled with attacks on the company’s data, it is likely that only a company’s website would be attacked and subtle changes made, such as changing a displayed share price or changing news items.

The mitigation here is to monitor the company’s website and flag any unauthorised changes for quick correction. While any company could be a victim of such an attack, a PLC is the more likely target, because share price manipulation can lead to financial gain.

Attack detection and mitigation

Where a security breach of company IT systems has been successful in accessing company data to the extent of being able to modify it, what measures can be put in place to detect such breaches and what mitigations are available?

While an obvious route would be to put in place a check-sum mechanism, this would not necessarily detect changes perpetrated by an intruder or unauthorised person taking over a user’s PC when the PC’s owner had left their PC on and logged in but not locked. 

But check-sum mechanisms can be complex to implement. A simpler route is to ensure that only a file owner can modify a file (the file creator, for example). Where more than one person must have file read and write capabilities for a specific file or group of files, then that capability must be tied to network-defined roles and responsibilities. 

While this is not a panacea, it will reduce the scope for unauthorised changes. But it does rely on staff identifying that a document or data file has been changed. 

Recovery would be from backups, but the backup regime must be well thought out and tested. For example: daily backups for a week, a weekly backup for a month, a monthly backup for a year, then yearly backups to match compliance rules.

This sort of breach could happen to any company, with the motive being anything from a disgruntled employee’s grievance to financial gain (cooking the books) or selling products at far below their real price.