Tomorrow’s Cyber Problem

Steve Horvath
Stephen Horvath
July 13, 2015 • 4 min read

On a number of occasions I have been asked, “Is cyber security, as a discipline, evolving quickly enough to defend against emerging threats?”

I will concede that based on recent events, such as the high-profile breaches at Target, Home Depot, Sony, and most recently the incredibly inept blunder at OPM, it seems as though the last year and a half has flown in the face of everything our industry has worked to advance.

I contend that, as a discipline, information security has become better in every way over the past 20 years.  But even as it continues to improve, reducing the number of breaches to zero is like trying to reduce the national automobile accident rate to zero.  Not only is it financially prohibitive, but also largely impossible.

With the exception of the OPM incident, which is quite possibly the most devastating breach to have ever occurred, most data breaches are considerably less scary than they once were perceived to be.  Lost or stolen data can be very expensive to the violated organization or company, but most of the time it is little more than an inconvenience to the impacted individuals.  Data breaches can be mitigated, responded to, and managed via credit and identity monitoring — which in today’s world, is a necessity regardless of an individual’s information being compromised.

The unauthorized access or exfiltration of data is quickly becoming a “yesterday” problem.  I’m very concerned, however, with the lack of awareness concerning a much darker problem area – the manipulation of data without the appearance of compromise.

Data manipulation threatens the integrity of data – the “I” in the “CIA triad” of information security. Everyone who relies on data for decision-making assumes (sometimes blindly – without validation) that the data is trustworthy and accurate.  So it’s essential to ensure that data hasn’t been deliberately altered by unauthorized parties in order to achieve some nefarious goal.

The threat of data manipulation jeopardizes this ability to act with confidence in managing the operations of an enterprise.  Because once inside, the bad actor could manipulate the data and retreat unobserved.

Imagine the following scenarios:

  • A mining company hires a group of hackers to quietly compromise a competitor’s research data used to determine the location of a rare element or ore. The hackers then modify that research data to reflect an area that doesn’t contain that desired element, causing the competitor to waste millions of dollars on a red herring.  Without obvious indicators, the hackers delete all digital footprints to ensure the compromise and modification goes entirely unnoticed.
  • Now imagine a bad actor was able to obtain access to your health information, altering your health records to make you believe you have a specific disease. Or, if those same hackers were able to change the medication type and dosage on your digital prescription information, and leave completely undetected.

Whether an insider threat or an expertly skilled attacker – the future of our industry will always be about keeping the bad guys out, identifying them if they find a way in, and ensuring our information is credible.

The art of the possible keeps me up at night more now than ever before.  Our entire world is connected and available online; whether you participate in social media or not… almost every part of your life either exists digitally or is recorded in digital form.

What part of your digital life and identity is accurate and authentic?  Can you prove it?  Has someone altered it?  Can you prove that?  These will be the major challenges confronting information security professionals in the coming years.  In a world where breaches are commonplace, it’s imperative that we develop solutions to verify the integrity and authenticity of data and information.

 

Steve Horvath
Stephen Horvath
Vice President, Strategy and Cloud
Stephen Horvath is the vice president of strategy and cloud at Telos Corporation.
Read full bio

Subscribe to Our Newsletter

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.