A doctor pulls up falsified test results in your chart. Every street light in Dallas turns green simultaneously. Your 401K is suddenly $100K short. A U.S. military drone hits an unintended target.
A bad sci-fi movie? Nope. It’s called data sabotage, and it’s a hacker’s latest weapon.
For the last 20 years, we’ve been under the assumption that data entered into a computer system maintains its integrity forever. That is no longer true. Data sabotage, or the subtle data manipulation inside a network, has ushered in a new paradigm of doubt. Now, a cyber-initiated event can have a physical outcome.
Traditionally, we’ve relied on a three-pronged approach to cyber security called “CIA.” Confidentiality, how we limit access to information; Integrity, the assumption that data is accurate and trustworthy; and Availability, people can reliably access information when they need it. When A and C have are attacked, individuals are impacted (they might need a new credit card), but not necessarily hurt. When I is under attack, there’s a real threat to public safety and human life.
Stay ahead of the hackers
As many as 47 percent of U.S. organizations have no individual or functional group responsible for monitoring databases for unauthorized activity. In other words, most organizations are grossly unprepared for a data sabotage episode. Consider the following best practices when preparing your organization:
- Champion education/employee awareness. Extra vigilance is key in preventing phishing, social engineering and other scams that let hackers into your system.
- Establish a database security program. Proven detection and monitoring systems will provide early warning signs of a system intrusion. This could include software-generated encryption protocols, read-write access to certain files and an extra password or alert when there’s been a password change.
- Stay close to leading indicators. Whether it’s a monthly newsletter or a weekly podcast on cyber intelligence, make sure you’re in the know when it comes to the latest scams, what they look like and how they will play out. An annual education session isn’t enough, considering the pace at which cyber risks evolve.
- Consider blockchain technology. Blockchain technology can add a layer of encryption or a ledger that tracks movement and changes within your data. Using blockchain will make it harder for hackers to sabotage your data.
- Look to transfer your risk. Shareholder and class action lawsuits alleging data security negligence could cost you. Consider Directors and Officers (D&O) insurance and Cyber coverage. Talk to your HUB broker about what policies and limits your organization needs to transfer data manipulation risk appropriately.
Let whatever drives them motivate you first
When data integrity is under attack, there’s no financial gain. Instead, the motivation is simply to create chaos within an organization. Whether it’s an IT employee gone rogue, or a terrorist choosing your organization at random, data sabotage could send any business to a grinding halt. Don’t let data manipulation sabotage your organization. Act today.