When you hear the phrase “data breach,” you probably imagine a scenario where hackers break into a system and steal sensitive information. Yet data integrity attacks can be just as dangerous as data theft — and, in many cases, more dangerous.The idea behind data manipulation is simple yet terrifying. Instead of stealing information or holding it for ransom, the attackers modify it in place. Depending on the attackers’ motivations, the data owners may or may not be informed of these alterations.In this article, we’ll go over some of the goals of data tampering attacks and discuss just why this new type of data hack poses such a big threat.
During a typical data hack, attackers are usually profit-oriented and indifferent to the victim’s identity. Any target is as good as the next, so hackers select targets with the highest potential for financial gain.
Unlike other types of big data breaches, however, the ultimate goal of data manipulation is to compromise the integrity of the information. This means that the chosen targets are not at all interchangeable.
The goals of data manipulation attackers are as diverse as the organizations they target. Some attackers may receive support from a rival organization, while others simply enjoy the chaos they create.
Like ransomware, another massively popular type of cyber attack, data manipulation attacks can also be exploited to make a profit. After informing the victims that their systems have been compromised, the hackers will refuse to change back the data until a ransom has been paid to them.
Countless psychologists have written about the abusive behavior of “gaslighting.” By denying the victim’s correct version of events, the manipulator causes the victim to doubt themselves and question their very reality.
Data manipulation attacks, by causing victims to doubt the accuracy of their information, aren’t unlike a digital form of gaslighting. Even worse, however, are the attacks in which victims never realize that something is wrong. According to IT research firm Osterman Research, 47 percent of companies have not assigned a team or individual to ensure the security of their databases.
Health care and pharmaceuticals are prime examples of industries where lives can be affected by tampering with data. You can easily imagine how disastrous it would be if attackers changed information such as what medications people were prescribed, how often they should take them, and what allergies they have. If attackers were able to modify health care information on a large scale, causing a great deal of harm, this could reasonably be considered cyberterrorism.
Data manipulation attacks aren’t just about companies losing profits and customers. They’re one more example of how cybersecurity and public health and safety are increasingly intertwined. In 2015, for example, Johnson & Johnson warned customers that a security vulnerability in one of its insulin pumps could allow hackers to overdose users with insulin.
Smear campaigns have been one of the most popular defense mechanisms since time immemorial. What data manipulation attacks offer for smear campaigns is the potential not only to bend the truth, but to change it. By altering an organization’s ground truths, data manipulation has the potential to destroy reputations, both personally and professionally.
In 2016, for example, Russian hackers breached the systems of the World Anti-Doping Agency and released the medical data of many famous athletes. However, investigators discovered that much of this data was altered before release.
Hackers may also tamper with data in order to sway opinions and impact decisions. When information is modified, it’s inevitable that the choices based on that information will also be affected. By making calculated changes to data, the attackers can strategically guide the decision-making processes of those who use that data.
In this era of “fake news,” doubting the source of information is becoming more and more common. When a company detects that a breach has occurred and that its data has been modified, it may not always be possible to confirm the extent of the tampering.
Cleaning up the affected database can be extremely costly in time and manual effort. Legacy data and information about customers, leads, competitors and prices must all be checked and double-checked. In the meantime, your competitors are gaining ground while you’re forced to tread water just to recover from the attack.
Data is the currency of the digital world and the lifeblood of modern businesses. However, data theft isn’t the only cyberthreat on the block. IT security professionals need to be aware of the risks of data manipulation that their companies face.
In order to guarantee that your information is protected against manipulation attacks, you need a continuous data protection solution. Data protection via encryption ensures that your data is safe from theft and manipulation.
Attacks can happen on-premises or in the cloud. No matter how and where your data is stored, Zettaset keeps you protected. Learn more about Zettaset’s XCrypt Object data encryption solution today.