Why "Integrity" Cyberattacks Are the Most Damaging and How to Protect Your Organization

For years, security professionals have relied on the CIA Triad model as the cornerstone of information security, where CIA represents confidentiality, integrity, and availability. Recently, Tse-Horng “Richard” Yu, CIO of US Space Command, cited data integrity as something that keeps him up at night. In many aspects, the “integrity” leg of the CIA Triad doesn’t get its due.

Confidentiality and Availability: The First and Last Words in Security

The “confidentiality” leg of the triad is felt by everyone regardless of their field or knowledge of cybersecurity: nearly every adult has received a notice that his/her information has been compromised. Finding examples of sensitive information, trade secrets, and even national secrets being exposed is a trivial exercise. Breaking confidentiality has been a staple of cyber attackers.

The “availability” leg is also front and center. One can easily find examples of denial-of-service attacks in the popular press. Websites being knocked offline, at least for a period of time, are commonplace. Ransomware falls most neatly into the availability leg, as the data is still there and hasn’t necessarily been compromised; you just can’t access it unless you pay the ransom or restore it from backups.

Let’s explore a non-traditional view of an “availability” attack. Suppose you are walking along a secluded trail around a picturesque lake, when you run into a mugger who takes your money and then throws your phone into the lake to prevent you from calling the police. You probably haven’t lost data, since it’s backed up in the cloud. The damage to the device (i.e., the phone) may not even be that expensive, especially if it's insured. It’s more of a nuisance than a catastrophe. Yes, it’s a pain to have to buy a new phone and reconfigure it, but once you have, all is back to normal.

Integrity: The Middle Child Seeking Attention

However, imagine if one were to hack into your phone’s contact list and randomly change one of the last seven digits of your contacts’ phone numbers or swap the numeric part of street addresses. I can safely say if that happened to me, I would only be able to call my wife, as it’s the only number I’ve memorized. The impact of this “integrity” attack would be far more substantial. Take a business example, where customers’ online orders were changed, maybe not all of them, but enough to cause upset customers to flood the customer service lines. Would the company immediately know what happened? How long would it take for them to consider a potential hack? If it were an “availability” attack, the company would have immediately activated a cyber incident response plan. Even a “confidentiality” attack would likely cause them to consider a breach. However, humans aren’t particularly good at detecting deception, with some studies suggesting humans only have a 50% accuracy rate of doing so. The possibility of an “integrity” cyberattack may not be quickly considered.

Part of the problem with “integrity” attacks is that many still view security as defending systems and networks. While this perspective is still valid for OT systems, its applicability to IT systems is flawed. The example of the phone in the lake illustrates that the loss of the system wasn’t nearly as big of a deal as the phone having untrusted or incorrect data. For an IT system, one must take the perspective of protecting the data rather than focusing solely on systems.

In today’s environment, your data is everywhere. In 2023, Pluralsight reported that 65% of organizations have more than one cloud service provider, with another 20% stating they are moving in that direction. That estimate does not account for other locations where data resides. How many organizations have one or more IaaS providers but also use Office 365, Google Docs, or Salesforce? These SaaS solutions contain your data. The integrity of this data could be vitally important to you.

Trust is Hard to Repair

The loss of trust is the byproduct of a successful “integrity” attack. Should a human give faulty information, one will doubt this person’s ability to provide accurate information in the future. Over time, it’s natural for trust to be restored, particularly if the person resumes providing accurate information. If there was a prior existing good relationship, the time to fully restore trust is shortened.

Without the benefit of a human relationship, studies have shown that humans are likely to have a greater dip in trust and a much longer time to restore it if a machine provides faulty information compared to faulty information from a human. Thus, it’s important to prevent “integrity” attacks, and should they occur, they must be resolved quickly.

What to Do?

Several actions can and should be undertaken to protect against “integrity” attacks.

  • View security through an information lens – For IT, throw out the old perimeter model for cybersecurity. Throw it out completely. IT professionals should care about the information. What information is vitally important? Where is it located? Modern organizations now have information distributed across multiple cloud service providers (CSPs) and SaaS providers.

  • Gain visibility across the entirety of your information environment – Many organizations lack security products that monitor all their information, particularly when it resides across a mix of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), SaaS and on-premises environments. It's essential to remember that even for SaaS solutions, a shared security model is in place. Visibility into cloud-native APIs and other services is crucial, as these can represent potential weak points for accessing the data layer. A multi-cloud security solution, such as Wraith, provides this necessary visibility. Wraith, developed by NetCentrics, is a cloud-native cybersecurity solution that provides comprehensive coverage across various environments, including all major CSPs as well as IaaS, SaaS and PaaS providers, along with on-premises systems. It enhances visibility and threat detection, effectively addressing the limitations of outdated cybersecurity tools that are often ill-equipped to protect modern cloud technologies.

  • Adopt zero-trust principles – It’s paradoxical that zero-trust yields trusted data, yet it’s essential and not necessarily a major investment. An underlying principle of zero-trust is the assumption that someone has circumvented security measures and is engaged in nefarious behavior. Zero-trust principles are based on the belief that a breach will occur and aim to limit its impact. Put another way, organizations should restrict access to data to limit the amount of data that can be compromised or corrupted. Another important aspect of these principles is the security “system of systems,” i.e., the integration of security frameworks to correlate information, providing defenders a complete picture of the security landscape. Many of the existing security tools have underutilized capabilities and lack integration with other security solutions in their default configuration. Often, a vendor’s solution could be integrated with other platforms, given the right technical expertise. However, it may not be in a vendor’s best interest to facilitate these integrations from a business perspective, as it is more profitable for them to encourage ongoing investment in their product lines. Organizations need to challenge their cybersecurity teams to overcome these obstacles or partner with trusted experts like NetCentrics to assist them.

  • Incorporate “integrity” attacks into your incident response plan – One way to mitigate the loss of trust is by having the ability to respond to “integrity” incidents and quickly mitigate their impact. Knowing that a dedicated team is available to tackle concerns about the fidelity of information puts a human face on technical problems. This approach yields several benefits: it reduces response time to “integrity” concerns, it shifts the responsibility for restoring trust from automated systems to humans, and it reinforces a culture that prioritizes information vs. the systems where it resides. If your organization lacks the necessary incident response capabilities, it should seek out a trusted partner like NetCentrics to help fortify your defenses and minimize the business impact of “integrity” attacks.

Kenneth Cushing

CEO @ NetCentrics | Cybersecurity, Cloud, Digital Transformation | Colonel (USAF, Retired) | Board Member @ NDIA | Business Executives for National Security (BENS)

2 weeks ago

Great article, Steve Wieland!
