Data manipulation attacks are becoming more prevalent, writes Mike Ewell in GCN:
What makes these attacks so dangerous is the lack of obvious indicators. Leaked or stolen data is typically very public, but simple changes to a system are hard to detect even with a highly trained eye. What are the signs of a compromised system?
Data manipulation is a sophisticated type of breach, and security system operators must learn to recognize anomalies in order to catch discrete changes. These changes can include different access locations, changes to settings or generally odd user behavior, which leads to the first piece of advice for organizations trying to avoid data manipulation. Lock down access controls and set alerts for any kind of access changes relating to administrators, service or root accounts, which are the accounts with the most privilege within a system.
Having detailed audit logs with alerts is also key. Using separate data analytics programs to handle large amounts of information can assist with this component. Setting baseline user analytics for “normal” behavior also can help monitor for anomalies and unusual activity and potentially give the first hint of an insider attack.
Lastly, consider how blockchain could play a role in protecting data from manipulation. Blockchain technology hasn’t been fully adopted by organizations, but its distributed ledger format greatly improves the integrity of the data by verifying all changes and minimizing the risk of an unnoticed or unauthorized change.
