Many of us in the cybersecurity world have followed this general mantra: protect the data, protect the data, protect the data. It’s a good mantra to follow, and ultimately that is what we are all trying to do. But there are different ways to protect data. The obvious method is to make sure it doesn’t get ripped off, but as we have noted in previous pieces, the lexicon we use can be troublesome at times. This is particularly true when there is room for cultural interpretation (that’s one of the reasons why curbing international cybercrime is real hard).

That lexicon problem extends into many different areas, including what “protecting” the data means. “Protecting” data goes well beyond making sure it doesn’t get stolen. It means the data isn’t tampered with and is still usable, as it was originally intended to be used. That data can be financial statements, design schematics, or RFP bids.

Here’s the key that makes the world go around and around: confidence. If counterfeit data starts to circulate widely, our confidence in the data begins to diminish. Therefore, it’s just a matter of time before I start asking: do I really trust this financial statement, design schematic – whatever really – to be legitimate? If I don’t, I got a problem. And if I no longer want to accept the data you’re giving me as legitimate, you got a problem, too.

For those well-versed in the information security world, you’ve heard of the CIA triad (sometimes known as the AIC triad to avoid confusion), consisting of Confidentiality, Integrity and Availability. Of those three elements, we are relatively confident that a lot of time is being spent on confidentiality and availability. It is integrity that we feel will be the silent killer, especially over time. Some bad people have figured out it’s a whole lot more beneficial to screw up your data and make you believe all is well in the data universe, as opposed to stealing it or holding it for ransom.

Those who ransom or steal your data are run-of-the-mill criminals who are out to make a few bucks. By contrast, those who interact with your data are Dr. Evil types. They are the ones who are thinking long game and recognize it’s much more beneficial to slowly bleed you as opposed to giving you a serious dose of “the hurt.” And one way to slowly bleed you is to make you waste your time and resources on garbage and falsehoods.

Let’s look at the following text message as an example:
Alice will transmit a map to Bob. This map will indicate a secret location where they are to meet, exactly at 1:00pm.
The more sensitive something is, the more accuracy and precision matter. We’re going to ever-so-slightly change the message to prove a point:
Alice will transmit a map to Bob. This map will indicate a secret location where they are to meet exactly at 1:00pm.
Notice the difference? The first message has a comma before "exactly" – the second doesn’t. Doesn’t really change the message… or does it?

If you’ve ever heard of “hashing” or a “hash function,” such as a “checksum,” you know exactly where we are going. A hash function takes some input data and runs it through a function to generate an output string that, on the surface, looks meaningless. From that output string, it is virtually impossible to reconstruct the original message. But here is the benefit of hash functions: you can compare their outputs. That means if you’re worried about the integrity of the data, there are means to ensure the data doesn’t get monkeyed with, whether it is in transit or in storage. You just have to compare the hashes. So, let’s run the two messages through a SHA256 hash converter and see what we get.

Message 1: b0c27394946aeebf9d912c622e077ec7899645a499f726a71d6ba76490111151
Message 2: 97923aa6aab501a2a6e1c3175c77c33ef4064addfa25419315b8d4d79c7cc8d9
Amazing what one single comma can change, huh? Sure, in this message it probably didn’t make much of a difference, but in certain cases, yeah, it can make a difference, even a life or death one, depending on the value of the data where accuracy and precision are absolutely necessary.

And this is just one of the ways to ensure data integrity. As we’ve noted in the past, encryption done right can solve a lot of your problems, especially – and you’ll love this if you didn’t know it already – because you can run the encrypted data through a hash function. Just remember, though, that encryption on its own does not necessarily provide data integrity. The file could get corrupted, or somebody still may be able to get the encryption key, alter the data, and send you what you believe to be something genuine. This is why timestamps and reviewing the metadata are integral pieces of the overall data integrity issue.

There are other tactics, also. Some are very routine, such as data backups, maintenance and audit, whereas others like blockchain and tokenization are a bit more complicated. We’ll talk about many of these in the follow-up piece to this article. Admittedly, the data integrity issue can get confusing as different techniques have different strengths and weaknesses. And often, you’ll see some sort of mix of tactics to ensure data integrity. Regardless, it’s an important issue to keep an eye on because of that entire confidence thing we talked about earlier. Without confidence, we’re going to run into a lot of problems that will not be easy to untangle. And that untangling will be mega-expensive.

So, just remember – protecting your data is more than just preventing it from being stolen. It’s about your data not being monkeyed with. A bunch of ransomware attacks can get costly, but no single ransomware is going to bring down an enterprise. Get enterprises to waste their time with bogus data over time, and you’ll be seeing an “Out of Business” sign on their doors, something that the real Dr. Evils have figured out.

This is why data integrity is the next big challenge that we see. Long term, this monkeying of data is a serious way to hurt an economy… and the national security of a country. Remember, it’s the economy, stupid. Don’t let anybody tell you otherwise.
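The hash comparison of the two Alice and Bob messages, and the case where someone alters the data and sends it on as genuine, worked through as an added example (not code from the original article). It goes one step beyond the article's plain hash by adding a keyed hash (HMAC-SHA256); the function names and the shared key are assumptions, and because a digest depends on the exact bytes hashed (encoding, punctuation, trailing whitespace), the digests it produces may not match the two values printed above.

```python
import hashlib
import hmac

# Constructed sample input: the article's two messages, encoded as UTF-8.
MSG_WITH_COMMA = ("Alice will transmit a map to Bob. This map will indicate a "
                  "secret location where they are to meet, exactly at 1:00pm.")
MSG_NO_COMMA = MSG_WITH_COMMA.replace("meet, exactly", "meet exactly")
SHARED_KEY = b"constructed-demo-key-known-only-to-alice-and-bob"  # assumption


def sha256_hex(message: str) -> str:
    """Plain SHA-256 digest: anyone can compute it, no secret involved."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count how many of the 256 output bits differ between two digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_digest(message: str, expected_hex: str) -> bool:
    """Recompute the digest on receipt and compare in constant time."""
    return hmac.compare_digest(sha256_hex(message), expected_hex)


def make_tag(key: bytes, message: str) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can produce it."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: str, tag_hex: str) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag_hex)


def run_checks() -> dict:
    trusted_digest = sha256_hex(MSG_WITH_COMMA)  # obtained over a trusted channel
    trusted_tag = make_tag(SHARED_KEY, MSG_WITH_COMMA)
    return {
        "bits_changed_by_comma": differing_bits(trusted_digest, sha256_hex(MSG_NO_COMMA)),
        "altered_msg_vs_trusted_digest": verify_digest(MSG_NO_COMMA, trusted_digest),
        # A digest shipped beside the message can be recomputed by whoever altered it.
        "altered_msg_vs_recomputed_digest": verify_digest(MSG_NO_COMMA, sha256_hex(MSG_NO_COMMA)),
        "original_msg_vs_tag": verify_tag(SHARED_KEY, MSG_WITH_COMMA, trusted_tag),
        "altered_msg_vs_tag": verify_tag(SHARED_KEY, MSG_NO_COMMA, trusted_tag),
    }


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```

A plain digest only proves integrity when the reference value reaches the recipient separately from the data; the keyed tag fails on the altered message because producing a matching one requires the shared key.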
About the Author: George Platsis has worked in the US, Canada, Asia, and Europe, as a consultant and an educator and is a current member of the SDI Cyber Team. For over 15 years, he has worked with the private, public, and non-profit sectors to address their strategic, operational, and training needs, in the fields of: business development, risk/crisis management, and cultural relations. His current professional efforts focus on human factor vulnerabilities related to cybersecurity, information security, and data security by separating the network and information risk areas.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.