Maksim Kabakou - Fotolia
I have talked before about the three key guiding elements of organisational information security – confidentiality, integrity and availability (CIA).
Very frequently we see a keen organisational focus on the ‘C’ and less on the ‘I’ and yet this is so important; information or intelligence is the lifeblood of any organisation and businesses can stand or fall on the accuracy (not to mention the value) of their information.
So how can its integrity be less important than the ‘C’ element? Well it isn’t, and organisations as varied as big pharma, local governments, media platforms and mergers and acquisitions specialists are all targets. It would be quicker to list what organisations might not deem an integrity breach to be a valid threat.
There are many reasons why the integrity of data might be attacked for financial gain, although hacking for financial information might not necessarily be the objective in all cases.
Consider an investment bank that deals in mergers and acquisitions. The accuracy of information about all parties concerned in such a complex deal is vital, one error or omission could invalidate or compromise the whole transaction and the legal implications are equally complex. This is an example of where the financial gain may be a bi-product of this attack.
Another example of how this works for financial gain might be the Swift attack in February 2016. This devious and convoluted attack on a messaging system vulnerability meant that money was being syphoned away to accounts that were hidden from view as the messaging service relayed messages indicating the money was going to valid and legitimate accounts.
This is clever stuff as it covered its tracks very well in the process and it was only a spelling error that led to it being discovered. This is a more obvious form of integrity hacking – a messaging system designed to give accurate information, hijacked to do the exact opposite.
Such a convoluted set of motives may be somewhat opaque. We are used to hearing about hacking for bank details and health records, for example, which is basically exfiltration and a confidentiality breach. Integrity breaches are very different and can be tougher to spot, but there are steps that can be taken to help minimise the risk of an integrity attack.
Read more from Computer Weekly’s Security Think Tank about dealing with data integrity attacks
Understanding your information assets and taking a joined up approach to security – information that is useful to an attacker might not be what you expect.
Adopt an effective and ongoing vulnerability assessment mechanism that is fully linked to a change and configuration management process. Effective and layered protective monitoring, linked to an appropriate forensic readiness and cyber response plan.
Continual horizon scanning and vigilance for emerging threats and evolutions of existing threats is advised to build resilience into an adaptive and responsive security stance.