Data drives the modern enterprise. From making product and service recommendations based on past consumer choices to determining market opportunities and business risks to testing how a product or service will perform, data is embedded into almost every enterprise decision, interaction and process.
It's nearly impossible to assure integrity and quality of data in real time, however. In fact, most organizations believe a third of their data is inaccurate in some way. This dirty data disrupts businesses and makes data a dangerous weapon for attackers to target and exploit.
3 dirty data cybersecurity concerns
The Information Security Forum (ISF) predicted dirty data will be the catalyst for the following emerging cybersecurity concerns by 2024.
1. Attackers will get good at poisoning data
In a bid to improve their success rates and evade law enforcement, attackers continue to experiment with new techniques and launch stealthier, more targeted attacks. Threat actors actively look for disinformation so they can damage the reputation of an entity, mislead consumers or influence the outcome of an event. ISF predicted threat actors will shift their attention toward illicit data manipulation to compromise the accuracy and credibility of information, thus puncturing the integrity of the data organizations use to drive their businesses forward.
2. Misleading signals will subvert cyber fusion centers
Cyber fusion centers are intradepartmental collaborative efforts designed to shoulder the responsibility of cybersecurity by facilitating communication between different teams. Fusion centers integrate automation tools and curate data from various sources to find insights that guide decision-making. ISF predicted attackers will exploit the influence cyber fusion centers have over business operations. Attackers will use misinformation and data distortion to cause security teams to chase and react to false events and intelligence data, inadvertently disrupting the businesses they are trying to protect.
3. Digital twins will double the attack surface
A digital twin is a digital replica of a physical thing, such as a wind turbine or a jet engine, that uses simulation and machine learning to collect data points based on real-world behaviors. Manufacturers are accelerating the adoption of digital twins to optimize product development, enhance tracking capabilities and predict business outcomes.
Since digital twins employ real-world data, anyone with access to the twin can see critical information about its physical counterpart. Attackers can use vulnerabilities in digital twins and other techniques, such as data subversion, to prolong manufacturing and supply chain downtime. Attackers' efforts can be further assisted by poor defenses, internal network issues and inherent weaknesses in industrial control systems (ICSes), operational technology (OT) and IoT systems hardware.
How organizations can protect themselves
To mitigate these emerging threats, ISF recommended the following.
Enumerate critical assets
The first step is to enumerate critical information assets: Where are they located? Who has access? How are they protected? Next, review external sources of data to determine their level of QA and implement processes to ensure those levels are maintained to an acceptable standard. Aim to prepare, implement and maintain an organizational playbook for responding to incidents of data poisoning.
Also, consider implementing platforms with built-in capabilities for data governance and data stewardship, as these include measures to troubleshoot and monitor all aspects of data management, including data integrity.
As the cyber fusion center develops, pay particular attention to the integrity of data and intelligence inputs. Regular scrutiny of automation systems and their ability to freely operate across the business, including their potential to cause disruption, is key. Set thresholds for automation that don't conflict with safety and reliability requirements. Categorize, develop and rehearse response plans for a sudden data integrity issue in the cyber fusion center.
Implement data sanitization techniques to further assure the integrity of telemetry and intelligence feeding the cyber fusion center. Also, establish measures that enable business and technology teams to collaboratively optimize the cyber fusion center's accuracy and efficiency.
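The sanitization and automation-threshold advice above can be made concrete with a gate placed between intelligence feeds and automated blocking. The following is an added example, not ISF code or guidance: the feed names, networks, record fields and policy values are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy values and networks for this example only.
MIN_SOURCES = 2       # independent feeds that must agree before automation acts
MAX_AUTO_ACTIONS = 2  # ceiling on automated blocks per batch
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]  # stands in for critical assets

# Constructed sample records; documentation ranges stand in for public addresses.
FEED = [
    {"ip": "203.0.113.10", "source": "feed-a"},
    {"ip": "203.0.113.10", "source": "feed-b"},
    {"ip": "203.0.113.10", "source": "feed-b"},   # repeat adds no corroboration
    {"ip": "203.0.113.20", "source": "feed-a"},   # one source only
    {"ip": "198.51.100.5", "source": "feed-a"},   # points at a protected asset
    {"ip": "198.51.100.5", "source": "feed-b"},
    {"ip": "203.0.113.30", "source": "feed-a"},
    {"ip": "203.0.113.30", "source": "feed-c"},
    {"ip": "203.0.113.40", "source": "feed-b"},
    {"ip": "203.0.113.40", "source": "feed-c"},
    {"ip": "10.0.0.1", "source": "feed-c"},       # internal address
    {"ip": "999.1.1.1", "source": "feed-c"},      # malformed
]

def triage(records):
    """Return (auto_block, analyst_review, rejected) for a batch of feed records."""
    sources, rejected = defaultdict(set), []
    for rec in records:
        try:
            ip = ipaddress.ip_address(str(rec.get("ip", "")).strip())
        except ValueError:
            rejected.append((rec.get("ip"), "malformed"))
            continue
        if any(ip in net for net in INTERNAL):
            rejected.append((str(ip), "internal address"))
            continue
        sources[ip].add(rec.get("source", "unknown"))
    auto, review = [], []
    # Most-corroborated first, so the ceiling keeps the strongest signals.
    for ip, srcs in sorted(sources.items(), key=lambda kv: (-len(kv[1]), int(kv[0]))):
        if any(ip in net for net in PROTECTED):
            review.append((str(ip), "protected asset"))
        elif len(srcs) < MIN_SOURCES:
            review.append((str(ip), "single source"))
        elif len(auto) >= MAX_AUTO_ACTIONS:
            review.append((str(ip), "automation ceiling"))
        else:
            auto.append(str(ip))
    return auto, review, rejected
```

Calling triage(FEED) sends only the two corroborated, unprotected indicators to automation; everything else is queued for an analyst or rejected with a reason, so a poisoned feed cannot by itself trigger disruptive action.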
Get to know digital twins
Familiarity with digital twins and their connections to the wider enterprise will help security teams better monitor and manage them. Draw up and maintain an asset register of ICSes, as well as OT and IoT systems. Build relationships with digital twin suppliers to assess their security stances. Look for vulnerabilities in the software linkages between digital twins and their physical counterparts. Segment networks to keep operational systems separate, and implement verification and validation processes. Consider setting up a rapid response system overseeing interaction between digital twins and their counterparts.
Dirty data is a symptom, but what's more important is how the data got dirty. Identify root causes, focus on mitigating those risks, and establish a clear and continuous process to reevaluate cyber-risks at regular intervals. Businesses that proactively monitor the integrity of their data and intelligence sources not only make better business decisions, but enjoy a greater competitive advantage and trust from stakeholders.
About the author
Steve Durbin is chief executive of the Information Security Forum, a not-for-profit association dedicated to investigating, clarifying and resolving key issues in information security and risk management by developing best practice methodologies, processes and solutions that meet the business needs of its members. ISF membership comprises the Fortune 500 and Forbes 2000.