.jpg)
31 January, 2017
The next post in our series highlighting our 2017 Cybersecurity Predictions introduces our prediction about the rise in data integrity attacks. In a recent webinar, Ed Stroz introduced this topic by saying:
“When you get down to the basics of hacking and what hackers are trying to achieve, the three letters that are often used are C.I.A., and that is not the Central Intelligence Agency. In this case, it is an attack on the Confidentiality of your information, the Integrity of your data, or the Availability of your systems. Traditionally, what we’ve seen mostly are attacks on confidentiality, those would be like when credit card numbers are stolen or trade secrets are stolen. Availability is an attack of the type where Dyn and Krebs on Security suffered distributed denial of service attacks. They’re designed to be seen, designed to be noticed, unlike a confidentiality attack. And we’ve gotten so used to looking at these two examples that integrity has sort of fallen by the wayside until late last year when people were concerned about the integrity of the voting in the elections.”
As Stroz went on to describe, this is an issue that we will see significantly impact businesses:
“We have to anticipate the possibility that the integrity of our data may be the next target in a way that we always knew was possible and have already seen in much smaller ways. It’s a logical extension in the way of the concern for democracies and attacking the voting system, but if you step back for a minute, you can see that businesses also have data that could be attacked in an integrity compromise just as much as democratic voting institutions do.”
PREDICTION:
Data sabotage as the next big threat will become a reality in 2017. Criminals will seek to sow confusion and doubt over the accuracy and reliability of information, impairing decision-making across the private and public sector. Expect to see continued examples of governments or individuals reacting to altered or fake news articles as if they were true.
High profile attacks to date have already involved deleting data, editing news headlines, and disrupting access to information. In November 2016, a group calling itself OurMine hacked Business Insider’s website, posting and editing stories on the U.S. version of the website[1]. The U.S. election season was mired by the flood of “fake news” that independent researchers contend garnered support from a sophisticated Russian propaganda campaign that created and spread misleading articles online using botnets.
In addition, data sabotage resulted in the December 2016 “PizzaGate” conspiracy[2]. This fake news story incited a man to open fire in a pizza restaurant in Washington, D.C., claiming he was investigating a theory about Hillary Clinton running a child sex ring out of the establishment. Fortunately, nobody was injured. These incidences are just a foreshadowing of things to come. We are witnessing what James Clapper presented during his 2016 Congressional testimony as the “next push on the envelope.”
Beyond news headlines, data integrity attacks will have even bigger ramifications. Account executives might alter employee time sheet information before entering to the HR payroll application; altering of credit scores or bank account numbers will become more common, and is a natural evolution from simple data breaches; a corporate competitor who wants a competitive advantage might tamper with financial account databases to distort reality, immediately prior to a merger or closing of a significant contract.
BOTTOM LINE:
In 2017, organizations will prioritize protecting themselves against data integrity and sabotage after an incident in which criminals successfully manipulate information, such as company earnings, news announcements, voter information, or the operational controls of a system such as energy grids.
To see how our 2016 predictions measured up and read the full 2017 Cybersecurity Predictions report, CLICK HERE.
For further information, please contact:
Paul Jackson, Managing Director, Stroz Friedberg
pjackson@strozfriedberg.com
