
Security Think Tank: Three strategies against data integrity attacks

What type of organisations are likely to be targeted by data integrity breaches, and how best can they detect and mitigate against such attacks?

Attacks on data integrity comprise a range of activities. These could be as simple as changing a few entries in a single database, or could involve adjusting entire databases or making a well-timed fake social media announcement.

An integrity attack is an equal-opportunities threat and does not discriminate. Potential targets include industrial operating processes, intellectual property research results, customer retail records and financial service transactions.

The malicious modification can be encryption by ransomware, leading to business interruption and subjecting targets to blackmail from organised crime. With over 100 unique ransomware types identified by one security company alone in 2015, it is clearly profitable and widespread. Integrity attacks also target transaction databases, enabling criminals to commit fraud, for example, by tampering with loyalty points or account balances.

If distributed denial of service (DDoS) attacks, which aim to make a website or connected device inaccessible, are the “bunker buster” of cyber weapons, then data integrity attacks are the strategic nuclear submarine. They silently move into place and launch an attack to overwrite data before slipping away.

Research shows that detection of cyber attacks commonly takes from weeks to months. The relative lack of integrity controls only extends these timescales.

When an attack is detected, the target faces the challenge of identifying exactly what was changed, and when. Even with comprehensive backups, it may still be necessary to reconstitute data from multiple other sources, adding to an already costly and time-consuming process.

Managing the risk of data integrity breaches can be done through resilience, reduction and recovery. Resilience to a potential compromise comes from applying the security basics rigorously (for example, UK Cyber Essentials or SANS Top 20) and testing defences.

Reduction of the likelihood and impact comes from integrating strong business controls to detect when critical values change unexpectedly, and from a backup restoration capability that is resistant to tampering. Successful recovery is enhanced by having a clear response plan with well-defined roles, prepared communications for internal and external stakeholders, and the opportunity to test and improve through incident simulation training.
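One way to build a control that detects unexpected changes to critical values and reports exactly which records were altered, shown as an added example that is not part of the original article. All function names and the loyalty-points records are hypothetical, and it assumes the HMAC key and the baseline are stored outside the database they protect.

```python
import hashlib
import hmac
import json

def record_tag(key, record_id, fields):
    """HMAC-SHA256 over the record id and a canonical JSON form of its fields."""
    msg = json.dumps([record_id, fields], sort_keys=True, separators=(",", ":"))
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def build_baseline(key, table):
    """Tag every record; store the result away from the database it protects."""
    return {rid: record_tag(key, rid, fields) for rid, fields in table.items()}

def authorised_update(key, baseline, table, record_id, fields):
    """The approved business path: change the record and re-tag it together."""
    table[record_id] = dict(fields)
    baseline[record_id] = record_tag(key, record_id, fields)

def unexpected_changes(key, baseline, table):
    """Report records whose current state no longer matches the baseline."""
    modified = [rid for rid, fields in table.items() if rid in baseline
                and not hmac.compare_digest(baseline[rid], record_tag(key, rid, fields))]
    added = [rid for rid in table if rid not in baseline]
    removed = [rid for rid in baseline if rid not in table]
    return {"modified": sorted(modified), "added": sorted(added), "removed": sorted(removed)}

def demo():
    key = b"constructed-demo-key"  # assumption: a real key lives in an HSM or secrets manager
    # Constructed sample loyalty-points records, not real data.
    table = {"cust-001": {"points": 120}, "cust-002": {"points": 40}, "cust-003": {"points": 0}}
    baseline = build_baseline(key, table)
    authorised_update(key, baseline, table, "cust-001", {"points": 150})  # legitimate change
    table["cust-002"]["points"] = 90000   # direct write that bypassed the approved path
    table["cust-999"] = {"points": 5000}  # row inserted outside the approved path
    del table["cust-003"]                 # row deleted outside the approved path
    return unexpected_changes(key, baseline, table)

if __name__ == "__main__":
    print(demo())
```

Because the tags are keyed, someone who can write to the table but does not hold the key cannot produce a matching tag for a tampered record; the authorised change to `cust-001` is not flagged.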

The growth in analytics, the step change in the use of artificial intelligence and software robots all make business data increasingly valuable, and so increasingly targeted. An up-to-date approach is the most effective way to manage this modern threat.
