What’s Worse than Having Your Data Stolen?
- Markus Melin, Head of Tieto Security Services at Tieto
- 11.01.2017 10:30 am cybersecurity
The modern society is built on data. Having data stolen or taken hostage isn’t the biggest threat, however. If malicious attackers manage to manipulate our data without us noticing, we’re in deep trouble.
In 2014, attackers tried to distort operational data from satellites belonging to the US weather agency NOAA. The satellites’ data is crucial for disaster planning and keeping air and sea traffic safe. Wrong information could have caused serious trouble and even life-threatening situations.
In 2010, a computer virus fed wrong information to centrifuges in an Iranian uranium enrichment plant. This made them rotate at wrong speed which finally destroyed the system – and set Iran’s nuclear program back several years in one swift blow.
In 2012, the FBI estimated that hacked smart electricity meters had cost a Puerto Rican electric utility 400 million dollars every year.
These are all examples of tampered data wreaking havoc. No data was stolen or, nothing destroyed. Just some small tampering of changes to critical data feeds can stop an industrial plant, disrupt air traffic, and cause huge financial damage to businesses.
Internet of Badly Functioning Things
The World Wide Web’s founding father Tim Berners-Lee recently commented that disrupted traffic data could instruct all vehicles to take same routes. This would grind an entire city to a halt.
With the Internet of Things, the correctness of data becomes essential. It’s all too easy to cripple a smart city by feeding wrong information to internet-connected devices.
The Guardian quotes Mr Berners-Lee: “When people are thinking about the security of their systems, they worry about people discovering what they are doing. What they don’t think about is the possibility of things being changed.”
Mucho mistrust
However, there is an even darker side to data sabotage than cars running into each other, all traffic light turning green at the same time or delivery drones dropping pizzas to wrong places.
Not being able to trust data may shake the foundations of the way modern societies and businesses function.
We are accustomed to making decisions that are based on data. Forward-looking businesses describe themselves as data-driven.
But what if an attacker has ever-so-slightly changed the numbers you see in your ERP dashboard? Little by little, you start making increasingly bad decisions because you don’t know the real situation.
What can you do about it?
The whole idea of data sabotage is that changes go unnoticed for as long as possible. Regular methods in detecting anomalies might not work, because the data looks right.
It’s good to start with basic security measures such as strong encryption and strict access control. You need mechanisms to identify unwanted visitors in the network trying to tamper with the data through endpoints by using malware, or directly in the database. You must make life difficult for the attackers.
How can you be sure of the integrity of your data, then? Maybe Artificial Intelligence could come to the rescue. After all, intelligent systems should be able to learn how the data should look and alert if they suspect foul play.
While it’s possible to fool AI systems too, the researchers from MIT have presented an interesting security solution. They have combined machine learning with human intuition and claim to predict cyber attacks much better than previous methods.
The best way to protect yourself from data sabotage is to have a thorough security policy, keep a close eye on the latest developments in AI, and understand that human security experts are still very much needed.
Read how the European Union is putting pressure on data integrity through GDPR and how enterprises must prepare for its requirements.