In summer 2018, a disgruntled employee of Tesla hacked into the company’s manufacturing operating system, illegally sharing proprietary data and modifying Tesla factories’ software to disrupt manufacturing. The attack included both data theft—that is, exfiltrating information about Tesla’s factory operations and sending that information to unauthorized third parties—and data manipulation, which involved changing data within Tesla’s IT infrastructure.
To date, most of the large, costly cyberbreaches making headlines have involved data theft. In these instances, attackers steal and sell proprietary data on the black market to other criminal organizations and individuals. However, data manipulation is different. Instead of simply accessing proprietary information, attackers change it in ways that may affect operations or undermine confidence in data, or even render that data unavailable. For example, security experts worried about the 2020 elections are currently very concerned about data manipulation—that is, the potential for foreign entities to alter vote tallies.
In this blog, we’ll examine the difference between data manipulation and theft, break down why both are a threat to your environment, and suggest ways to protect your organization from these types of activities.
Understanding Data Theft and Data Manipulation Threats
Data theft is by far the most common objective for hackers. It’s the name of the game for a broad spectrum of criminal actors and organized teams, up to and including nation-state actors. It’s what nearly every organization needs to be on the watch for.
Data theft is just what it sounds like. Hackers break into your organization’s IT system and steal data. Often, they’ll target data that is valuable to criminals—such as customer names, addresses, social security numbers, and financial account numbers. In some cases, they seek proprietary information that may be valuable to your competitors.
A distant relative of data theft is data exposure: data left reachable because of a misconfiguration or an improper setting, which makes it easier for attackers to get at it. Exposure is not an attack in itself, but it can facilitate both data theft and data manipulation.
Especially as organizations move to the cloud, they need to be aware of the types of mistakes and negligence that can expose proprietary data on the public web. You may also have exposure through your partners, affiliates, suppliers, and even customers in the cloud. For instance, of 13 major incidents involving cloud misconfigurations in the past two years, which together exposed some 920 million records, 8 involved a partner, affiliate, supplier, or customer.
Data manipulation, although not as common, also poses a threat to your environment: cybercriminals break into your IT system to access and alter your data. It’s as if a burglar came into your house and, rather than stealing your valuables, decided to rearrange your furniture. That, however, makes it sound far more harmless than it actually is. For instance, imagine if the design plans for a new building were manipulated and, as a result, the structural integrity of the building was compromised when it was built. Or imagine a disgruntled employee introducing an intentional defect into the design of a company’s major new product, resulting in large-scale returns. Though motivations vary, the result is usually costly if the manipulated data is not discovered early and restored to its original state, and because nothing leaves the network, the change can go unnoticed far longer than a theft would.
Data manipulation techniques pose significant threats to organizations in the public sector, including hospitals, utilities, and police and investigative organizations. Ransomware is the most familiar variant: files are encrypted in place and the key is held for ransom, so the data is altered and made unavailable even if nothing is stolen. It’s a serious and growing threat facing many types of organizations, and it often results in disruption of normal operations and services.
Fortunately, data manipulation other than ransomware has so far been concentrated in a few industries. Examples include:
- Pharmaceutical companies: Manipulation of clinical trial and similar data, or of production systems, can have an impact on a company’s ability to make medicines that are effective. In addition to threatening profits and business operations, there’s a larger health risk. Imagine a disruption to the global vaccine supply in the midst of an outbreak. Rogue nation-states are the likeliest perpetrators in this scenario, though corporate actors, or even hacktivists, might attempt such an attack.
- Infrastructure companies: Power plants, electrical utilities, water, transportation, and other infrastructure-oriented facilities and operations are all vulnerable to data manipulation, most probably by nation-state actors.
- Financial markets systems: Manipulating data—whether changing earnings or other market moving data reports or disrupting trading algorithms—could put individual businesses and markets in turmoil and undermine trust in the financial system. Criminal organizations would be attracted by the large amounts of money in play, while nation-state actors might relish the potential for economic disruption.
- Government systems: Government systems managing public health, retirement systems, school systems, and emergency response use huge amounts of sensitive data—and tight budgets don’t often allow for adequate protection. In fact, a rash of recent ransomware attacks has focused on local and municipal government systems.
In the private sector, data manipulation is a risk for a small number of companies and, as in the Tesla example, the main vulnerability can be an employee or insider threat. Insiders are harder to defend against, especially given that most IT departments don’t have the tools and operations in place to monitor for behavioral indicators that suggest an employee may pose a risk to the business.
Mitigating the Threat
Given the rising threat of data theft, data exposure, and data manipulation, do you know what your organization’s risks are, and how you can protect yourself? Organizations can mitigate both data theft and data manipulation by taking some basic precautions.
Establish controls
Start by maintaining effective security controls that address perimeter/network traffic (IPS/IDS, WAF, firewalls, etc.), endpoints, and other access points to the environment. You’ll need to deploy workload protection, including malware protection and file integrity monitoring, across your virtualized instances; file integrity monitoring is the control that catches manipulation directly, since it compares what is on disk against a known-good baseline. You may also wish to consider proactive activities such as penetration testing and threat hunting to assess how susceptible parts of your environment are to compromise. Having a solid incident response plan and practicing that plan across multiple scenarios is important.
Back up data
A sound backup/disaster recovery system can ensure that you maintain access to critical data even if your organization suffers a ransomware attack. Be sure that backups cannot be corrupted as part of the same attack (keep at least one copy offline or otherwise immutable), and test the restore capability regularly rather than assuming the backup job succeeded.
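The file integrity monitoring mentioned under "Establish controls" and the backup validation described just above rest on the same mechanism: a baseline of file hashes taken while the system is known good. The following is an added example, not code from the original post or from any vendor product. It builds a SHA-256 baseline of a directory tree, reports files that were later modified, added or removed, and reuses that baseline to check that a backup copy still restores the original data. The directory layout, file contents and "attacker" changes are all constructed for the demonstration.

```python
"""File integrity monitoring plus a backup restore check.

Added example (not code from the original post): a minimal version of
file integrity monitoring and backup validation. Every path, file and
"attacker" change below is constructed for the demonstration.
"""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Diff the tree at root against a stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def backup_is_intact(baseline: dict[str, str], backup_root: Path) -> bool:
    """Restore test: every baseline file must exist in the backup with the same hash.
    Extra files in the backup are tolerated; altered or missing ones are not."""
    diff = compare(baseline, backup_root)
    return not diff["modified"] and not diff["removed"]


def demo() -> dict:
    """Run the whole scenario in a scratch directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        prod = Path(tmp) / "prod"
        (prod / "cfg").mkdir(parents=True)
        # Constructed sample data standing in for a factory's configuration files
        (prod / "cfg" / "line.ini").write_text("conveyor_speed=100\n")
        (prod / "recipe.csv").write_text("part,qty\nA-100,10\n")

        baseline = build_baseline(prod)   # taken while the system is known good
        backup = Path(tmp) / "backup"
        shutil.copytree(prod, backup)     # the backup job runs

        # Simulated manipulation by an insider: a setting is changed,
        # a script is dropped, and a file is deleted.
        (prod / "cfg" / "line.ini").write_text("conveyor_speed=0\n")
        (prod / "dropper.sh").write_text("#!/bin/sh\n")
        (prod / "recipe.csv").unlink()
        prod_findings = compare(baseline, prod)

        backup_ok_before = backup_is_intact(baseline, backup)
        # Simulated ransomware that also reaches the backup share and
        # overwrites a file in place with ciphertext.
        (backup / "recipe.csv").write_bytes(b"\x00\x01ENCRYPTED")
        backup_ok_after = backup_is_intact(baseline, backup)

        return {
            "prod_findings": prod_findings,
            "backup_ok_before": backup_ok_before,
            "backup_ok_after": backup_ok_after,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points matter in practice. The baseline itself must be stored out of band (or signed), because an attacker who can alter the monitored files can otherwise alter the manifest to match. And the backup check is only meaningful against a baseline taken before the attack: comparing a backup against the current, already-manipulated production tree would report the clean backup as the thing that is wrong.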
Scan and patch
Scan regularly for vulnerabilities, and patch the highest-risk applications and internet-facing systems first and as quickly as possible to minimize data exposure.
Train your employees
Security awareness training and anti-phishing programs can help to improve the vigilance of your employees against email-borne and other social engineering attempts.
Stay alert
Segmentation and application whitelisting can help to prevent lateral movement by threat actors once they are inside. Data loss prevention tools, which watch for sensitive data leaving the environment, also can be valuable against theft. Since resources are limited, you’ll want to classify and prioritize your data protection strategy, starting with the applications and data that are most sensitive.
Good Cybersecurity Protects from Data Theft and Manipulation
Your organization may never experience a data manipulation attack. With the exception of ransomware, they are still relatively rare and concentrated in certain high-risk industries. Since the stakes are high, however, you may still want the peace of mind that adequate data security can provide.
Fortunately, the same protections you’ve put in place to protect against other threats also can provide protection against data disruptions. A solid security posture coupled with backup/disaster recovery can preserve the integrity of your data while addressing the full spectrum of potential cyberattacks.