So let’s talk about fake news for a moment (fake news is hot right now; we won’t get into politics, of course). Fake news has been a constant refrain not just from the media, politicians and business leaders but also from the general public. In the main, fake news contributes to two negative consequences:
- Someone benefits from distributed information that is contrived for the sole purpose of manipulating public opinion to achieve some sort of short term benefit
- It undermines the credibility of real news organizations and creates an atmosphere of suspicion for all news to the point that people don’t know what to believe
The current obsession concerning the subject of fake news has opened the eyes of many business leaders, government agencies and cybersecurity professionals. As precarious as fake news is, fake data is far more dangerous and threatening to society. Up until recently, cybersecurity was concentrated on preventing the unauthorized seizure of data during a data breach, for example the illegal procurement of financial or personal information.
But what if a hacker breaches your network, not to steal your data, but to manipulate it?
The alarming fact is that data sabotage is potentially just as damaging to an organization as data theft. It can also be just as profitable to the criminals responsible. Some possible scenarios:
- Hackers modify the quarterly earnings report of a company and take advance action on its stock price
- An airline hires a hacker to alter the flight schedules of its largest competitors in order to damage their brands
- A rogue government manipulates the software infrastructure of the United States power grid
When it comes to data integrity attacks, the scenarios are endless and no company or organization is exempt. So what can you do to lessen the potential of a data integrity attack?
1. Encryption
The most effective means of ensuring the integrity of your data is to encrypt it. This pertains to both the transmission of data as well as data at rest. When data is encrypted, it is inaccessible to unauthorized parties, so even if your data silo is breached, the data will be fully protected. This can be done by encrypting all of your drives, whether on a server or a laptop, as well as using some type of third-party encryption program to secure the files and folders located on cloud drives. When using encryption, remember that the encryption is only as secure as the keys it is based on. Make sure that the keys are stored in a very secure location that is only accessible by upper IT management.
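Encryption keeps data unreadable to unauthorized parties; detecting that a stored record was changed also takes a keyed integrity check. The sketch below is an added example, not part of the original article: it seals records with HMAC-SHA256 from the Python standard library and reports any that are later modified or removed. The record names, contents and key are constructed for illustration.

```python
import hashlib
import hmac

def seal(key: bytes, name: str, content: bytes) -> str:
    """HMAC-SHA256 tag that binds a record's name to its content."""
    encoded = name.encode()
    # Length-prefix the name so (name, content) pairs cannot be confused.
    msg = len(encoded).to_bytes(4, "big") + encoded + content
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_manifest(key: bytes, records: dict) -> dict:
    """Tag every record while the data is known to be good."""
    return {name: seal(key, name, body) for name, body in records.items()}

def verify(key: bytes, records: dict, manifest: dict) -> dict:
    """Compare current records to the manifest; return a status per name."""
    status = {}
    for name, tag in manifest.items():
        if name not in records:
            status[name] = "missing"
        elif hmac.compare_digest(seal(key, name, records[name]), tag):
            status[name] = "ok"
        else:
            status[name] = "modified"
    for name in records:
        if name not in manifest:
            status[name] = "unexpected"
    return status

# Constructed sample data. A real key belongs in a key vault or HSM,
# never next to the data it protects.
KEY = b"constructed-demo-key-not-for-production"
RECORDS = {
    "q3-earnings.csv": b"revenue,1200000\nnet_income,150000\n",
    "flight-schedule.csv": b"TQ101,DUB,BOS,09:40\nTQ205,DUB,JFK,13:15\n",
}
MANIFEST = build_manifest(KEY, RECORDS)

def demo() -> dict:
    """Simulate an integrity attack: one figure changed, one file removed."""
    tampered = dict(RECORDS)
    tampered["q3-earnings.csv"] = b"revenue,1200000\nnet_income,950000\n"
    del tampered["flight-schedule.csv"]
    return verify(KEY, tampered, MANIFEST)

if __name__ == "__main__":
    print(demo())
```

Because the tag depends on a secret key, someone who can rewrite the data but cannot read the key cannot produce a matching tag for the altered record.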
2. Multifactor Authentication
We live in an era in which mere password authentication is no longer enough. Network security systems are under constant bombardment from credential stuffing attacks, and users continue to click embedded links and email attachments that install key loggers. These perpetual threats, combined with the mobile world in which we live where remote logins are the norm, create real vulnerabilities for any enterprise. Multifactor authentication should be an essential requirement of any enterprise security plan today.
3. Data Protection Technology
Organizations and vendors alike are putting a greater emphasis on data protection technologies. These solutions help stop data leakage by restricting what users can do with designated data files. Examples are the prevention of forwarding emails with enclosed data attachments as well as restricting what applications can interact with data files. Some examples include Windows Information Protection from Microsoft and Azure Rights Management.
4. File Logging
IT teams should enable activity logging for all drives that host data files. Designated activities include who accessed a file, both successfully and unsuccessfully, as a multitude of failed access attempts by a single user could be a tip-off of nefarious intentions. Simply enabling logging is a useless endeavor, however, if you do not review the logs on a periodic basis.
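One way to automate the periodic review described above is to flag any user with a burst of failed file accesses. This is an added example, not part of the original article; the log line format, user names and file paths are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format for this example (not from any specific product):
#   <UTC timestamp> user=<name> file=<path> result=SUCCESS|FAILURE
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) file=(?P<file>\S+) "
    r"result=(?P<result>SUCCESS|FAILURE)$"
)

# Constructed sample log, in chronological order.
SAMPLE_LOG = """
2017-03-01T09:00:05Z user=asmith file=/finance/q3-earnings.xlsx result=SUCCESS
2017-03-01T09:01:10Z user=jdoe file=/finance/q3-earnings.xlsx result=FAILURE
2017-03-01T09:01:40Z user=jdoe file=/finance/payroll.xlsx result=FAILURE
2017-03-01T09:02:15Z user=bkhan file=/hr/reviews.docx result=FAILURE
2017-03-01T09:03:02Z user=jdoe file=/finance/forecast.xlsx result=FAILURE
2017-03-01T11:30:00Z user=bkhan file=/hr/reviews.docx result=FAILURE
2017-03-01T14:45:00Z user=bkhan file=/hr/reviews.docx result=FAILURE
"""

def flag_users(log_text, threshold=3, window_minutes=10):
    """Return {user: [files]} for users with at least `threshold` failed
    accesses inside any sliding window of `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # user -> failures still inside the window
    flagged = defaultdict(set)    # user -> files touched during a burst
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAILURE":
            continue              # skip blank, malformed and successful lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["user"]]
        q.append((ts, m["file"]))
        while ts - q[0][0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            flagged[m["user"]].update(path for _, path in q)
    return {user: sorted(files) for user, files in flagged.items()}

if __name__ == "__main__":
    for user, files in flag_users(SAMPLE_LOG).items():
        print(f"review {user}: repeated failed access to {files}")
```

The sliding window separates a burst of failures from the same number of failures spread across a working day, which keeps the review list short enough to be read.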
5. Enforce Least Privilege Security
Privileged accounts are the keys to the kingdom, and are the keys that every hacker wants to obtain. Simple steps include denying administrator access for general users. In addition, holders of high-privilege accounts such as enterprise administrators should rarely, if ever, log on to a device with a privileged account. Instead, they should log on with an account that has minimum rights and enter their privileged credentials when prompted to perform a privileged task.
6. Privileged Identity Management
Many network infrastructure devices such as routers and switches utilize shared administrator accounts, making it nearly impossible to identify who accessed what device at what time. PIM is a system that tracks when a user logs on to a device with a shared account.
7. Education, Education, Education
Perhaps the most important security tool you can implement is the continual education of your users. Take the time to convey to your users how important it is to protect both company and personal data and how company policies are attempting to accomplish this.
Ransomware will continue to dominate the security landscape for the rest of 2017. However, we also expect to see a rise in the level of data integrity attacks and the use of AI by attackers. Data sabotage as the next big threat will become a reality in 2017. Expect to see more examples of organizations, governments or individuals reacting to fake news articles as if they were true.