Maksim Kabakou - Fotolia

Security Think Tank: Under-the-radar data integrity attacks expected to rise

What type of organisations are likely to be targeted by data integrity breaches, and how can they best detect and mitigate against such attacks?

Data integrity attacks may be subtler and more cunning than headline-grabbing information leaks, but there is the potential for damaging impact in the short and longer term.

Using compromised privileged credentials to obtain access is the primary route in, and attackers are likely to be able to maintain control and compromise information for longer if they do not raise awareness of their presence by leaking information.

All industries are at risk. Data is everywhere; it sits behind most decisions and every organisation has information that is sensitive or valuable.

Attackers could make subtle changes to important intellectual property (patents or product plans, for example), ownership deeds or financial records. Such changes may go unnoticed for long periods of time.

Eroding trust in data can cause significant damage and disruption, and recent ISF research notes that the number of such attacks is expected to rise significantly over the next two years.

Individuals at all levels of an organisation – but particularly senior business managers – need to gain a sound appreciation of the importance of information integrity.

Every risk assessment should then be expanded to consider the likelihood and impact of attacks on this key characteristic of information.

Read more from Computer Weekly’s Security Think Tank about cyber security

Organisations will reduce the impact of attacks on misinformation by planning in advance, putting in place incident response processes and plans that consider attacks on integrity.

Monitoring what is being said about the organisation online, as well as keeping track of changes made to internal information, will provide early warning signals that the integrity of the organisation’s information is being targeted.

Read more on Hackers and cybercrime prevention