Why "Integrity" Cyberattacks Are the Most Damaging and How to Protect Your Organization
For years, security professionals have relied on the CIA Triad model as the cornerstone of information security, where CIA represents confidentiality, integrity, and availability.?Recently, Tse-Horng “Richard” Yu, CIO of US Space Command, cited data integrity as something that keeps him up at night.?In many aspects, the “integrity” leg of the CIA Triad doesn’t get its due.???
Confidentiality and Availability: The First and Last Words in Security?
The “confidentiality” leg of the triad is felt by everyone regardless of their field or knowledge of cybersecurity:?nearly every adult has received a notice that his/her information has been compromised.?Finding examples of sensitive information, trade secrets, and even national secrets being exposed is a trivial exercise.?Breaking confidentiality has been a staple of cyber attackers.?
The “availability” leg is also front and center.?One can easily find examples of denial-of-service attacks in the popular press.?Websites being knocked offline, at least for a period of time, are commonplace.?Ransomware falls most neatly into availability leg, as the data is still there and hasn’t necessarily been compromised, you just can’t access it unless you pay the ransom or restore it from backups.?
Let’s explore a non-traditional view of an “availability” attack.?Suppose you are walking along a secluded trail around a picturesque lake, when you run into a mugger who takes your money and then throws your phone into the lake to prevent you from calling the police.?You probably haven’t lost data, since it’s backed up in the cloud.?The damage to the device (i.e., the phone) may not even be that expensive, especially if it's insured.? It’s more of a nuisance than a catastrophe.?Yes, it’s a pain to have to buy a new phone and reconfigure it, but once you have, all is back to normal.?
Integrity: The Middle Child Seeking Attention?
However, imagine if one were to hack into your phone’s contact list and randomly change one of the last seven digits of your contacts’ phone numbers or swap the numeric part of street addresses.?I can safely say if that happened to me, I would only be able to call my wife, as it’s the only number I’ve memorized.? The impact of this “integrity” attack would be far more substantial.? Take a business example, where customers’ online orders were changed, maybe not all of them, but enough to cause upset customers to flood the customer service lines.? Would the company immediately know what happened?? How long would it take for them to consider a potential hack?? If it were an “availability” attack, the company would have immediately activated a cyber incident response plan.? Even a “confidentiality” attack would likely cause them to consider a breach.? However, humans aren’t particularly good at detecting deception, with some studies suggesting humans only have a 50% accuracy rate of doing so.? The possibility of an “integrity” cyberattack may not be quickly considered.?
Part of the problem with “integrity” attacks is that many still have a view of defending systems and networks.? While this perspective is still valid for OT systems, it’s applicability to IT systems is flawed.? The example of the phone in the lake illustrates that the loss of the system wasn’t nearly as big of a deal as the phone having untrusted or incorrect data.? For an IT system, one must take the perspective of protecting the data rather than focusing solely on systems.?
In today’s environment, your data is everywhere.? In 2023, Pluralsight reported that 65% of organizations have more than one cloud service provider with another 20% stating they are moving in that direction.? That estimate does not account for other locations where data resides.? How many organizations have one or more IaaS providers but also use Office 365, Google Docs, or Salesforce?? These SaaS solutions contain your data.? The integrity of this data could be vitally important to you.?
领英推荐
Trust is Hard to Repair?
The loss of trust is the byproduct of a successful “integrity” attack.? Should a human give faulty information, one will doubt this person’s ability to provide accurate information in the future.? Over time, it’s natural for trust to be restored, particularly if the person resumes providing accurate information.? If there was a prior existing good relationship, the time to fully restore trust is shortened.?
Without the benefit of a human relationship, studies have shown that humans are likely to have a greater dip in trust and a much longer time to restore it if a machine provides faulty information compared to faulty information from a human.? Thus, it’s important to prevent “integrity” attacks, and should they occur, they must be resolved quickly.?
What to Do?
Several actions can and should be undertaken to protect against “integrity” attacks.?
CEO @ NetCentrics | Cybersecurity, Cloud, Digital Transformation | Colonel (USAF, Retired) | Board Member @ NDIA | Business Executives for National Security (BENS)
2 周Great article, Steve Wieland!