Data is the engine of modern business. Whether making product and service recommendations based on past consumer choices, determining market opportunities and business risks, or testing the performance of a product or service, data are embedded in nearly every business decision, interaction, and process.
However, it is almost impossible to ensure the integrity and quality of data in real time. In fact, most organizations believe that a third of their data is inaccurate in some way. This dirty data disrupts businesses and turns data into a dangerous weapon that attackers can target and exploit.
3 dirty data cybersecurity issues
The Information Security Forum (ISF) has predicted that dirty data will be the catalyst for the following emerging cybersecurity issues by 2024.
1. Attackers will get good at data poisoning
In an effort to improve their success rate and evade law enforcement, attackers continue to experiment with new techniques and launch stealthier, more targeted attacks. Threat actors actively seek out misinformation in order to damage an entity’s reputation, mislead consumers, or influence the outcome of an event. ISF predicted that threat actors will turn their attention to illicit manipulation of data to compromise the accuracy and credibility of information, thereby undermining the integrity of the data organizations use to drive their businesses forward.
2. Misleading Signals Will Subvert Cyber Fusion Centers
Cyber Fusion Centers are cross-departmental collaborative efforts designed to take responsibility for cybersecurity by facilitating communication between different teams. Fusion centers integrate automation tools and organize data from various sources to find insights that guide decision-making. ISF predicted that attackers will exploit the influence of cyber fusion centers on business operations. Attackers will use disinformation and data distortion to trick security teams into pursuing and reacting to false events and intelligence data, inadvertently disrupting the businesses they are trying to protect.
3. Digital twins will double the attack surface
A digital twin is a digital replica of a physical object, such as a wind turbine or jet engine, that uses simulation and machine learning to collect data points based on real-life behaviors. Manufacturers are accelerating the adoption of digital twins to optimize product development, improve tracking capabilities, and predict business outcomes.
Since digital twins use real-world data, anyone with access to the twin can see critical information about their physical counterpart. Attackers can use digital twin vulnerabilities and other techniques, such as data subversion, to extend manufacturing and supply chain downtime. Attackers’ efforts can be further aided by poor defenses, internal network issues, and inherent weaknesses in industrial control systems (ICS), operational technology (OT), and IoT system hardware.
How organizations can protect themselves
To mitigate these emerging threats, ISF recommended the following.
List critical assets
The first step is to list the critical information assets: where are they located? Who has access? How are they protected? Next, review external data sources to determine their level of quality assurance and implement processes to ensure these levels are maintained at an acceptable level. Aim to prepare, implement and maintain an organizational manual for responding to data poisoning incidents.
Also consider implementing platforms with built-in features for data governance and stewardship, as these include measures to troubleshoot and monitor all aspects of data management, including data integrity .
As the cyberfusion center grows, pay close attention to the integrity of data and information inputs. Regular review of automation systems and their ability to operate freely in the business, including their potential for disruption, is essential. Set automation thresholds that don’t conflict with security and reliability requirements. Categorize, develop and rehearse response plans for sudden data integrity issues in the cyber fusion center.
Implement data sanitization techniques to further ensure the integrity of telemetry and intelligence feeding the Cyber Fusion Center. Also establish metrics that allow business and technology teams to collaboratively optimize the accuracy and efficiency of the cyber infusion center.
Get to know digital twins
Knowing about digital twins and their connections to the wider business will help security teams better monitor and manage them. Establish and maintain an asset register of ICS, as well as OT and IoT systems. Build relationships with digital twin vendors to assess their security postures. Look for vulnerabilities in the software links between digital twins and their physical counterparts. Segment networks to separate operational systems and implement verification and validation processes. Consider implementing a rapid response system overseeing the interaction between digital twins and their peers.
Dirty data is a symptom, but more important is how the data got dirty. Identify root causes, focus on mitigating those risks, and establish a clear and ongoing process to reassess cyber risks at regular intervals. Companies that proactively monitor the integrity of their data and intelligence sources not only make better business decisions, but enjoy increased competitive advantage and increased stakeholder trust.
About the Author
Steve Durbin is the Managing Director of the Information Security Forum, a non-profit association dedicated to the study, clarification and resolution of key issues in information security and risk management by developing best practice methodologies, processes and solutions that meet the business needs of its members. ISF membership includes the Fortune 500 and Forbes 2000.