Earlier this year Admiral Michael Rogers, head of the NSA and the US Cyber Command, talked about the key ‘three things that keep him awake at night’. The first two are the fear of online attacks against US critical infrastructure and non-state terrorist groups changing how they use online resources. These threats were to be expected and found. But the third one – data tampering – still comes as a bit of a surprise in most cases.
In the near future, instead of stealing sensitive data, hackers may decide to simply tamper with it materially. In his view, this has the potential to become the biggest threat to companies, regardless of their size or industry, since it raises the specter that organizations will no longer be able to fully trust their own data.
To be better equipped to mitigate this emerging threat, there are a number of measures we advise customer IT departments to take.
Advice #1: Improve data visibility
There’s no shortage of vulnerability assessment and network monitoring vendors claiming to be able to provide visibility into the many thousands of processes across enterprise systems. The technology has to be able to go deeper yet remain easy to use, providing the IT department with a detailed picture of who did what to individual data records, along with where and when. The system also needs to have a built-in record of who has authorized access to what files in the IT environment.
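As an illustration of the visibility described above (an added example, not taken from the original article or any vendor product), the following sketch cross-checks audit events against an authorization record to surface changes made by principals who are not authorized for the file. The event fields, file paths, user names and addresses are constructed assumptions.

```python
from datetime import datetime

# Constructed authorization record: which principals may modify which files.
AUTHORIZED_WRITERS = {
    "/finance/ledger.csv": {"alice", "svc-erp"},
    "/hr/payroll.db": {"bob"},
}

# Constructed audit events: who did what to which record, where and when.
AUDIT_EVENTS = [
    {"who": "alice", "action": "update", "file": "/finance/ledger.csv",
     "record": "inv-1001", "where": "10.0.4.17", "when": "2016-05-03T10:15:00"},
    {"who": "mallory", "action": "update", "file": "/finance/ledger.csv",
     "record": "inv-1001", "where": "10.0.9.88", "when": "2016-05-03T23:41:00"},
    {"who": "bob", "action": "read", "file": "/hr/payroll.db",
     "record": "emp-77", "where": "10.0.4.21", "when": "2016-05-04T09:02:00"},
    {"who": "svc-erp", "action": "delete", "file": "/hr/payroll.db",
     "record": "emp-77", "where": "10.0.4.30", "when": "2016-05-04T09:30:00"},
]

MODIFYING_ACTIONS = {"create", "update", "delete"}


def unauthorized_changes(events, authorized_writers):
    """Return modifying events made by principals not authorized for the file."""
    findings = []
    for ev in events:
        if ev["action"] not in MODIFYING_ACTIONS:
            continue  # reads do not alter data
        allowed = authorized_writers.get(ev["file"], set())  # unknown file: nobody
        if ev["who"] not in allowed:
            findings.append(ev)
    return sorted(findings, key=lambda e: datetime.fromisoformat(e["when"]))


def record_history(events, file, record):
    """Return the ordered change history (who, action, where, when) of one record."""
    hits = [e for e in events
            if e["file"] == file and e["record"] == record
            and e["action"] in MODIFYING_ACTIONS]
    hits.sort(key=lambda e: datetime.fromisoformat(e["when"]))
    return [(e["who"], e["action"], e["where"], e["when"]) for e in hits]


if __name__ == "__main__":
    for ev in unauthorized_changes(AUDIT_EVENTS, AUTHORIZED_WRITERS):
        print("UNAUTHORIZED", ev["when"], ev["who"], ev["action"],
              ev["file"], ev["record"], "from", ev["where"])
```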
Advice #2: Incorporate behavior analytics
Hackers are well versed in evading an organization’s perimeter defenses. A favorite method is to plant malware inside the network via emailed spear-phishing attacks. Real-time behavior analytics applications inside the network can process large volumes of data and conduct comprehensive root cause analysis. This, in turn, leads to faster detection rates and helps to mitigate the risk of attacks persisting once inside the network.
Advice #3: Implement Artificial Intelligence (AI)
Machine learning is one of the most effective technologies at mining data to unearth security issues hidden in Big Data. Some organizations already use a combination of data mining and artificial intelligence to identify infected machines on the corporate network. The ability to convert large volumes of raw data into actionable intelligence is key to organizations in the fight back against attackers. The technology allows them to discover patterns that can be used to identify compromised data and take the necessary mitigating action.
In conclusion, as cyber-criminals continue to develop ever more sophisticated attack vectors, organizations must continually evolve their defense strategies. Adjust your security methods in line with the emerging threat landscape and move toward a risk-based culture. Technical advances can help organizations mitigate risks to sensitive data and make the cyber environment safer and more secure.