If your data were being manipulated, would you notice?
By Mike Ewell
Nov 29, 2018
We’ve all heard of data being hacked, breached, compromised and made public, with Target, the Office of Personnel Management and Equifax some of the more famous victims. But what about the next level of data violation? It’s called data manipulation, and it can be far more dangerous than a simple hack. These kinds of attacks are growing in both the public and private sector, and their potential to hurt organizations is made even greater by the fact that they are usually more discreet, targeted and hard to detect until it’s too late.
There are many scenarios in which altered data records can serve cyber adversaries better than stolen information. The first is financial gain. Hackers can access a firm's financial records and change them by tens of millions of dollars to undervalue the company -- essentially swinging everyday mergers and acquisitions and making purchases easier for competing companies.
Threats also can come from inside the organization, a situation experienced by Tesla earlier this year. A disgruntled employee used insider knowledge to alter Tesla’s sensitive code, intentionally stalling production. This possibility exists for any organization with a workforce that’s privy to software and system controls, making suspicious activity from approved users harder to detect. The OPM hack, for example, could have been particularly damaging if data manipulation had been employed, as it could have caused a complete loss of trust in the validity of agency information.
What makes these attacks so dangerous is the lack of obvious indicators. Leaked or stolen data is typically very public, but simple changes to a system are hard to detect even with a highly trained eye. What are the signs of a compromised system?
Data manipulation is a sophisticated type of breach, and security system operators must learn to recognize anomalies in order to catch discreet changes. These changes can include different access locations, changes to settings or generally odd user behavior. That leads to the first piece of advice for organizations trying to avoid data manipulation: lock down access controls and set alerts for any kind of access change relating to administrator, service or root accounts, which are the accounts with the most privilege within a system.
Having detailed audit logs with alerts is also key. Using separate data analytics programs to handle large amounts of information can assist with this component. Setting baseline user analytics for “normal” behavior also can help monitor for anomalies and unusual activity and potentially give the first hint of an insider attack.
Lastly, consider how blockchain could play a role in protecting data from manipulation. Blockchain technology hasn’t been fully adopted by organizations, but its distributed ledger format greatly improves the integrity of the data by verifying all changes and minimizing the risk of an unnoticed or unauthorized change. The blockchain is a public record of information, and its distributed nature means any attempted changes that aren’t supported by the record are rejected and can be examined for malicious intent or origin.
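The change-verification idea behind the ledger approach described above can be shown with a single hash-chained audit log. This is an added example, not code from the article, and it is a simplification rather than a distributed blockchain; the record fields, values and function names are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def entry_hash(prev_hash, record):
    """Hash a record together with the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def build_log(records):
    """Chain records so each entry commits to everything written before it."""
    log, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        log.append({"record": record, "prev": prev, "hash": digest})
        prev = digest
    return log

def head(log):
    """Hash of the newest entry; keep a copy where the log's writers cannot reach."""
    return log[-1]["hash"] if log else GENESIS

def first_bad_entry(log):
    """Index of the first entry whose hashes do not check out, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return None

# Constructed sample ledger, not data from the article.
RECORDS = [
    {"id": 1, "account": "receivables", "amount_usd": 42_000_000},
    {"id": 2, "account": "inventory", "amount_usd": 18_500_000},
    {"id": 3, "account": "cash", "amount_usd": 7_250_000},
]

if __name__ == "__main__":
    log = build_log(RECORDS)
    trusted = head(log)  # stored on an independent system
    edited = copy.deepcopy(log)
    edited[1]["record"]["amount_usd"] = 1_850_000  # in-place manipulation
    print("in-place edit caught at entry:", first_bad_entry(edited))
    rewritten = build_log([e["record"] for e in edited])  # every hash recomputed
    print("rewritten log self-consistent:", first_bad_entry(rewritten) is None)
    print("rewritten log matches trusted head:", head(rewritten) == trusted)
```

The second case is why independently held copies matter: a fully rewritten chain verifies internally, and only comparison with a head hash kept elsewhere exposes the change.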
As digital spaces grow larger, so do the threat landscapes and attack vectors. Large troves of data become even bigger bull’s eyes for both internal and external cyber adversaries. Recognizing the more subtle kinds of attacks, as well as having pre-existing, hyper-aware security operations centers and security protocols, are the best ways to prepare. A deep understanding of system controls -- and fine-tuning behavioral analytics -- can keep agencies ahead of ever-advancing cyber threats.
Mike Ewell is a cyber security senior manager with Solutions by Design II, LLC.