Every day, we hear about the new “innovative” ways that hackers use to infiltrate devices to inject ransomware or steal invaluable date. But hackers are also using data manipulation to make subtle modifications to data sets, which is particularly insidious and could potentially have a greater crippling effect on organizations than a data breach.
As the cybersecurity market in India is expected to grow from $1.97 billion in 2019 to $3.05 billion by 2022 - almost 150 per cent of the global rate, it is clear that India is increasingly becoming a hotspot for ransomware attacks causing this surge in demand.
Last year, a group of security researchers in Israel revealed that they managed to trick doctors into misdiagnosing patients by hacking into and tweaking the scans produced by a hospital’s X-ray machine. This type of data manipulation can cause misdiagnosis and mislead patients of their true health conditions. However, the ramifications could be even greater in a different context.
The motivation behind data manipulation
The 'CIA Triad'—short for confidentiality, integrity and availability—are established principles that form the foundation of an organization’s security infrastructure. Through data manipulation, hackers are now able to launch attacks that call into question the integrity of the data.
In the context of general elections, data manipulation can undermine or weaken the institutions of democracy and subvert the intentions of the electorate. They would not only able to alter the political course of an entire nation but also impact regional and global political relations.
Online fraud is becoming commonplace when it comes to India’s thriving e-commerce industry. In fact, according to a recent report, a large e-commerce company roped in cybersecurity experts to investigate the unexpected spike in its app downloads during the lockdown period, which was later attributed to bots. If left undetected, these bots could have caused revenue loss for the company on account of advertising fraud due to the influx of click-throughs these bots would have generated that would have impacted the amount paid per click.
These data manipulation attacks can be simplified through the use of bots, making it even easier for hackers to launch such attacks. For instance, hackers can use data to create “disinformation” bots that are highly adept at impersonating human behaviour and creating disinformation campaigns on social platforms With a myriad of bots at their disposal, hackers can easily tweak a 'disinformation' bot to insert it in any system and puppeteer the data to their advantage.
These are just some of the ways that data manipulation attacks can be launched against individuals, organizations and even nations. However, such attack vectors are not the sole cause of data manipulation. Human error, while unintentional in nature, would be one of the leading causes for this. Other causes include the unintended transfer of data or even compromised hardware that could corrupt the data.
Countering data manipulation attacks
It is imperative for these organizations to understand that the integrity of data needs to be protected and uncompromised while in use, when being transferred between individuals, or when being stored on devices or in the cloud. Beyond this, it is also critical to understand how the data is being generated and assess the integrity of the data source as well. Organizations should have a clear system to classify and record data. This record would come in handy to IT teams as they strategize and implement counter measures and define access rights for the various data sets.
The countermeasures that organizations can implement to achieve end-to-end protection throughout the data journey include not only data encryption but also audits. Data audits help profile your organization’s data and assess its impact on performance and profits to determine the level of security measures that should be put in place. Organizations should also introduce intrusion detection systems to pinpoint external threats that are targeting their data.
From a user access point of view, it is crucial for organizations to introduce strong authentication mechanisms and access controls to ensure that only authorized users have access. It is also important to apply version control across the entire system for greater visibility on who is making changes to the data, as well as what is being changed.
Data is the most valuable resource today driving our economies, making it a prime target for hackers with ill intent to manipulate for their personal gain. As the world becomes increasingly connected with the advent of 5G networks and proliferation of IoT devices, and even more evident in today’s Covid-19 circumstances as people consume more data by staying home, data being generated will continue to grow exponentially. What this means is that the impact of a data manipulation attack can have serious repercussions on digital transformation or smart city initiatives. Rather than being reactive, it is paramount for organizations to prepare against this new strain of attacks while it is still in the nascent stages of deployment.