Data Manipulation - CSIAC REPORT
Keywords:
Data Security, Manipulation, Alteration, CIA, Data Manipulation Attacks
Confidentiality, Integrity and Availability
In terms of cybersecurity, the Confidentiality, Integrity and Availability, also known as the CIA
Triad, is a benchmark model for the development of security policies used to govern and
evaluate how an organization handles data when it is stored, transmitted or processed. All risks,
threats, and vulnerabilities are measured for their potential capability to compromise one or all of
the CIA triad principles. Let's look at the definitions of CIA: Confidentiality—protecting the
information from disclosure to unauthorized parties; Integrity—protecting information from
being modified by unauthorized parties; Availability—ensuring that authorized parties are able
to access the information when needed.
Data Manipulation
What is data manipulation? A misconception is that hackers always steal data, but this
assumption is incorrect. Data manipulation attacks occur when an adversary does not take data,
but instead makes subtle, stealthy tweaks to data for some type of gain or effect. These subtle
modifications of data could be as crippling to organizations as data breaches. Data manipulation
may result in distorted perception by shifting data around, which could lead to billions of dollars
in financial loss or even potential loss of life, depending on the system in question, and the type
of data being altered. In some scenarios however, what the attacker does not do may have a
more devastating outcome within the data space entity framework. The goal may be to
manipulate data to intentionally trigger external events that can be capitalized. The higher the
value of the fraud, the greater the chances are that the fraud has compromised data integrity. If
the data manipulation does not occur on a specific date but is conducted over several weeks or
months, it may be virtually impossible to correct this problem through a single system restore.
Hypothetical Data Manipulation Attack Examples
Let's examine several hypothetical data manipulation examples. Can you imagine what would
occur if a stock ticker symbol was manipulated to show a billion-dollar tech giant like Apple,
Microsoft, Google, or Amazon having extreme financial gains or losses? It could cause
immediate chaos and/or panic and could be used to target a competitor.
