Alex Vovk, CEO and co-founder of Netwrix, examines the practical applications for dealing with the data tampering threat outlined by the NSA’s Admiral Michael Rogers earlier this year.
Earlier this year Admiral Michael Rogers, head of the NSA and the US Cyber Command, talked about the top three threat factors that keep him awake at night. If the first two – the fear of online attacks against US critical infrastructure and non-state terrorist groups changing how they use online resources – were to be expected, many may have found the third one – data tampering – a bit of a surprise.
Admiral Rogers warned that instead of stealing sensitive data, hackers may in the near future decide to simply tamper with it materially. In his view, this has the potential to become the biggest threat to companies regardless of their size or industry, since it raises the spectre that organizations will no longer be able to fully trust their own data.
To be better equipped to mitigate this emerging threat, we advise customer IT departments to take a number of measures.
Improve data visibility
There’s no shortage of vulnerability assessment and network monitoring vendors claiming to be able to provide visibility into the many thousands of processes across enterprise systems. But the devil is often in the detail. If the technology delivers too much information, then pinpointing critical evidence can be like trying to find a needle in a haystack. If this is the case, it’s time for a rethink. The technology has to be able to go deeper yet remain easy to use, providing the IT department with a detailed picture of who did what to individual data records, along with where and when. The system also needs to have a built-in record of who has authorized access to what files in the IT environment.
Incorporate behaviour analytics
Hackers are well versed in evading an organization’s perimeter defences. A favourite method is to plant malware inside the network via emailed spear-phishing attacks. Real-time behaviour analytics applications inside the network can process large volumes of data and conduct comprehensive root cause analysis. This, in turn, leads to faster detection rates and helps to mitigate the risk of attacks persisting once inside the network.
Implement Artificial Intelligence (AI)
Machine learning is one of the most effective technologies at mining data to unearth security issues hidden in Big Data. Some organizations already use a combination of data mining and artificial intelligence to identify infected machines on the corporate network. The ability to convert large volumes of raw data into actionable intelligence is key to organizations in the fight back against attackers. The technology allows them to discover patterns that can be used to identify compromised data and take the necessary mitigating action.
In conclusion, as cyber-criminals continue to develop ever more sophisticated attack vectors, organizations must continually evolve their defence strategies. Adjusting security methods in line with the emerging threat landscape and moving toward a risk-based culture is half the battle. As Admiral Rogers noted, industry and government need to stop talking past each other. Only by working together can they combine policy-making with technical advances that can help organizations mitigate risks to sensitive data and make the cyber environment safer and more secure.
Netwrix Corporation provides IT auditing software that delivers complete visibility into IT infrastructure changes and data access, including who changed what, when and where each change was made and who has access to what. Over 150,000 IT departments worldwide rely on Netwrix to audit IT infrastructure changes and data access, prepare reports required for passing compliance audits, and increase the efficiency of IT operations.