With the CIA Triad, confidentiality commands much of the attention. Organizations fret over the unauthorized disclosure of their data, so they try to reduce the risks of that type of an incident. In so doing, however, enterprises commonly overlook the other two, integrity in particular. Ron Ross, a fellow at the National Institute of Standards and Technology (NIST), thinks it’s a mistake for organizations to forget about integrity. He feels that way because of how an integrity-related security event can undermine the entire CIA triad.
“If you have a compromise of integrity, it can affect both availability and confidentiality,” he explained. “The malicious code can wreck confidentiality by getting access to things it shouldn’t have access to and seeing things it shouldn’t. Alternatively, compromising key components of a system through an integrity violation can make the system crash and the capability go away. That’s an availability issue. With that said, I don’t think we spend enough time talking about integrity. We’re focused on unauthorized disclosure when in reality integrity is right up there at the top and maybe one of the most important components.”
Integrity-Based Threats on the Rise
Integrity-related threats such as the ones described by Ross aren’t theoretical in nature. Attackers are already targeting organizations to compromise the integrity of their data and systems. Take ransomware. In its Cost of a Data Breach Study, IBM found that ransomware attacks cost an average of $4.62 million in 2021—more than the typical data breach price tag of $4.24 million. Security researchers detected 623 million ransomware attacks during that same period, noted PRWeb, constituting a 105% year-over-year increase. The effects of a ransomware infection or another integrity-related attack on an enterprise’s IT environment can be devastating. It can be even more serious for organizations that maintain the nation’s critical infrastructure. Such an incident can undermine the host country’s national security, weaken the global economy, and threaten public safety. Organizations need to defend themselves against integrity-related threats. To do so, they should consider turning to NIST’s Cybersecurity Framework.
The Gist of NIST
Published by the National Institute of Standards and Technology (NIST) in 2014, the Cybsersecurity Framework (CSF) is designed to help critical infrastructure organizations address security challenges in their Operational Technology (OT) environments. Even so, its common language makes the Framework accessible to organizations in every sector. Companies can therefore use the Framework to confront ransomware and other threats facing their industry. NIST’s Cybersecurity Framework constitutes a risk-based approach by which organizations can accelerate their efforts to create a digital security strategy, reduce miscommunication among security staff, and heighten awareness of threats across the organization. That includes building awareness within the Board of Directors, as Ross rightly notes. “A key piece of security is integrity,” he explained. “That needs to be an important consideration at the Board level. Once they say integrity is important to this company because they want to protect the company’s intellectual property or want to make sure that intellectual property is not changed or have integrity in the things the company is producing for its customers, those things get conveyed down to the people who are in the operational chain below or the development chain. So, if you’re developing a system or a product, that development work has to have high integrity, too, because management wants to make sure that what they’re producing is what the customer gets and they can be trusted to be giving customers what they expect.”
The NIST Framework to the Rescue!
Enterprises can use the NIST CSF to protect against integrity-themed threats. They can do so by pairing it with NIST 800-53, the Center for Internet Security’s (CIS) Critical Security Controls (CSCs), and other control sets that enable integrity management including security configuration management (SCM) and file integrity monitoring (FIM). They can also use the Framework to triage their systems based on how an integrity-related attack could affect the business. The Framework facilitates protective strategies via the following five core functions:
- Identify: Understand the business context and resources that support critical functions as well as their associated security risks.
- Protect: Enforce safeguards to ensure the delivery of a given service.
- Detect: Create activities that can assist in the discovery of a security incident.
- Respond: Develop procedures that can help contain the impact of a security event.
- Recover: Implement measures that can facilitate the organization’s transition back to normal operations after a security incident.
Each of those features allow organizations to strategize against integrity-based threats. They can essentially lay out the foundations for where they want to go. With that groundwork in place, enterprises can then create a security program in pursuit of that goal. For more information on how organizations can use NIST’s Cybersecurity Framework to defend against integrity-based attacks, download this whitepaper.
5 Things Your FIM Solution Should Be Doing for You
Discover the pivotal role of File Integrity Monitoring in maintaining system security and compliance with major standards. Tripwire Enterprise stands out as an advanced solution, offering real-time detection and detailed context for system changes, making it a superior choice for robust cybersecurity.