How businesses can avoid data integrity breaches

11 Jan 17

Looking back at the year that was, the security landscape of 2016 was marked by an alarming number of local and global data breaches making headlines. So what’s in store for 2017? It has been forecast that 2017 will in fact be the ‘Year of the Data Integrity Breach’, with at least one almighty breach disclosure set to send shockwaves throughout the world.

Data integrity is a promise or assurance that information can be accessed or modified only by authorised users. Data integrity attacks compromise this promise, with the aim of gaining unauthorised access to modify data for a number of ulterior motives, such as financial or reputational ones. While sinister, data attacks are nothing new. It is important to note, however, that these types of attacks still remain under the radar of businesses that have an ever-increasing reliance on data. This can be thought of as the ultimate weaponisation of data.

The way cyber-attacks have transformed over time is an interesting development. The first generation of cyber-attacks focused more on stopping access to the data; this then progressed to the theft of the data itself. Today, we’re starting to see more and more evidence that the stolen data is being altered before transition, affecting all elements of operations. With the increasing uptake of the Internet of Things, hackers have more attack surfaces and personas that they can manipulate.

For example, a wearable fitness device like a Fitbit is touched by a number of different people – the user, the manufacturer, the cloud provider hosting the IT infrastructure, the third parties accessing it via an API, etc. You can start to see how this can create a cross pollination of risk that the security industry has not seen before. Keeping in mind that a Fitbit is just a personal device, once you take into account all the things that are connected to critical and national infrastructures, you can start to see how this can quickly get out of hand.

It is unnerving, but data integrity attacks have the power to bring down an entire company and beyond; entire stock markets could be poisoned and collapsed by faulty data; the power grid and other IoT systems from traffic lights to the water supply could be severely disrupted if the data they run on were to be altered. And perhaps the greatest danger is that many of these could go undetected for years before the true damage reveals itself.

Gemalto’s top tips for businesses:

1. Understand your data

It is absolutely crucial for businesses to understand what they are trying to protect before they can even think about protecting it. Therefore, businesses need to conduct a data sweep to understand what data they have and where the most sensitive parts sit.

2. Two-factor authentication 

An organisation’s next step should be to focus on the adoption of strong two-factor authentication, which provides that extra layer of security should user IDs or passwords become compromised.

3. Encryption

Encryption provides the layer that stops customers’ sensitive data being used if it has been accessed. Companies need to utilise encryption to protect this data wherever it is found, whether that be in on-premise, virtual, public cloud, or hybrid environments. Most importantly, companies need to adopt a new approach with a presumption that perimeters will be reached and, as such, prepare the correct encryption necessary to protect the most vital aspect, the data.

4. Key management

Encryption is only as good as the key management strategy employed, and companies must ensure their keys are kept safe through steps like storing them in hardware modules to prevent them being hacked. Think of it like this: it’s no good having the best locks on your house and then leaving the house keys under the mat for any passing opportunist burglar to pick up.

5. Education

In order to build trust, companies need to educate their workforce and their consumers on the steps they have taken to protect their data. Businesses need to employ a two-pronged approach, educating their employees and consumers on the steps they should also be taking to remain safe and protect their personal data themselves, which leads to them understanding how to protect the company’s data.

Article by Graeme Pyper, regional director, Australia and New Zealand at Gemalto 
