We are all becoming familiar with denial of service attacks, data exfiltration (data extrusion) attacks and ransomware attacks that aim to deny us access to our data, but what about attacks on a company’s data integrity?
The question to ask is whether we are talking about security breaches that modify company data or a company’s integrity in the marketplace – or both. Which companies might be subject to an integrity attack, and how might those companies detect and mitigate such an attack?
A campaign of misinformation saying that company X’s data had been corrupted, particularly if it reached media outlets, would be no less devastating than an actual security breach, and would inevitably impact a PLC’s share price. This would put the perpetrators in a good position for financial gain by betting on share price movement.
How would a company counter this sort of attack? A good public relations department or firm would monitor social media and news channels to detect the initial phases of such a campaign and act swiftly to counter the misinformation.
Where such a campaign was coupled with attacks on the company’s data, it is likely that only a company’s website would be attacked and subtle changes made, such as changing a displayed share price or changing news items.
The mitigation here is to monitor the company’s website and flag any unauthorised changes for quick correction. While any company could be a victim of such an attack, the more likely target would be a PLC, where share price manipulation leads to financial gain.
Attack detection and mitigation
Where a security breach of company IT systems has been successful in accessing company data to the extent of being able to modify it, what measures can be put in place to detect such breaches and what mitigations are available?
While an obvious route would be to put in place a check-sum mechanism, this would not necessarily detect changes perpetrated by an intruder or unauthorised person taking over a user’s PC when the PC’s owner had left their PC on and logged in but not locked.
But check-sum mechanisms can be complex to implement. A simpler route is to ensure that only a file owner can modify a file (the file creator, for example). Where more than one person must have file read and write capabilities for a specific file or group of files, then that capability must be tied to network-defined roles and responsibilities.
While this is not a panacea, it will reduce the scope for unauthorised changes. But it does rely on staff identifying that a document or data file has been changed.
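One way to build the checksum mechanism mentioned above, which also serves the website monitoring described earlier (an added example, not from the original article): a SHA-256 baseline sealed with an HMAC, so that a changed, missing or new file is flagged without relying on staff noticing it. The key, file names and page contents are constructed for illustration, and the sketch assumes the key and the baseline are stored away from the monitored system.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def snapshot(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def seal(digests: dict, key: bytes) -> dict:
    """Attach an HMAC so the baseline itself cannot be edited unnoticed."""
    body = json.dumps(digests, sort_keys=True).encode()
    return {"files": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(root: Path, manifest: dict, key: bytes) -> dict:
    """Compare the current tree with the sealed baseline and report differences."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        raise ValueError("baseline manifest has been tampered with")
    old, new = manifest["files"], snapshot(root)
    return {
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
        "missing": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }

def demo() -> dict:
    """Constructed sample: a small published site with one subtle edit."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the monitored host
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "index.html").write_text("<p>Share price: 412.5p</p>")
        (site / "news.html").write_text("<p>Q3 results published</p>")
        baseline = seal(snapshot(site), key)  # taken when content is approved
        (site / "index.html").write_text("<p>Share price: 312.5p</p>")  # subtle change
        (site / "notice.html").write_text("<p>Unapproved notice</p>")   # unexpected file
        return verify(site, baseline, key)

if __name__ == "__main__":
    print(demo())
```

A check like this reports that a file changed, not who changed it, so an edit made from an unlocked, logged-in PC still has to be traced through access records.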
Recovery would be from backups, but the backup regime must be well thought out and tested. For example: a daily backup for a week, a weekly backup for a month, a monthly backup for a year, then yearly backups to match compliance rules.
This sort of breach could happen to any company, with motives ranging from a disgruntled employee’s grievance to financial gain (cooking the books) or selling products at far below their real price.