In a keynote panel debate at Infosecurity Europe, data integrity attacks have been described as a real problem and as a future cyber crime threat.
Moderator Bob Tarzey, director of Quocirca, claimed that attacks on data were an area of concern and the problem lay in how to mitigate against the problem. Commenting, Jericho Forum board member and global vice president of information security at Commerzbank Andrew Yeomans, said: “This is a problem for the industry as a whole, and the main concern is systems protecting against it. Much of security is concentrated on confidentiality and it is not concerned about giving the same degree of protection.”
Scott Borg, speaking on behalf of the US Cyber Consequences Unit, commented that the largest data integrity attack commonly seen was students changing their grades online, but there was an insider threat challenge with disgruntled employees and ‘that level of crime in the future is what we are worried about'.
Dwayne Melancon, vice president of log management at Tripwire, said: “If someone changes data and someone impacts a critical component, there are paths that are able to know what is happening but this is something that a human element will not follow and you have to have clear policies on data, and what it should look like.
“You should be able to look at the data and see how it was changed, it comes down to managing people, processes and technology.”
Tarzey further commented that the next big problem will be protecting data against attacks, and asked the audience how many were very confident of protecting their data against attacks, with none responding. When he asked how many were ‘very unconfident', most of the delegates' hands were raised.