How top cybersecurity companies are protecting data integrity
When we think of protecting data, our minds generally jump to keeping private data private: for instance, keeping sensitive information such as medical records, financial information, intellectual property, passwords, names, addresses, credit card and social security numbers from getting into the wrong hands. But what happens when a hacker’s goal isn’t to steal the data but to manipulate your data without your knowledge? We are often made aware of a data breach when the once private data turns up online as public data, as it did with the now infamous POS breach of 70 million names, addresses and credit card numbers of Target shoppers. But if the data never turns up in an online forum, how many breaches may go unnoticed?
In some ways, the effects of data manipulation could far outweigh the costs of a data breach. Imagine a drugmaker that receives FDA approval for a new gene therapy drug based on compromised data, which is what happened with Novartis and their approval of Zolgensma. Or consider a coffee maker such as Luckin Coffee, which last week assigned a committee to investigate the possibility of internal data manipulation in its sales and marketing numbers, resulting in an overnight 80% drop in the company’s market capitalization. Events like these leave employees, investors and customers shocked not only at the financial loss but also at the realized vulnerability of their systems. And of course, with every election, we see reports of voter data manipulation as political opponents and foreign powers aim to disrupt elections here and abroad. Even today we see the World Health Organization reporting that cyberattacks on its networks and systems have more than doubled during the onset of the COVID-19 coronavirus outbreak. Imagine how the global economy could be swayed by simply changing reported data such as the rate of infections or mortality in various regions.
Data integrity requires accuracy and consistency (validity) of data over its lifecycle. This means that when data is changed, it is known who changed it, how it was changed and why it was changed. But it also means the data is reviewed to ensure no unapproved changes or errors were introduced. In the case of the FDA recommendations, steps towards data integrity are summarized as:
- Data must be attributable, legible, accurate and contemporaneously recorded
- Include metadata such as title, author, date/time stamp and structure
- Require audit trails for all sensitive data as a secure, computer-generated, time-stamped record to enable reconstruction of creation, modification and deletion events
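One way to make such an audit trail tamper-evident, shown as an added example that is not taken from the FDA guidance or from any QMS product: each entry records who, when, what and why, and carries an HMAC chained to the previous entry, so an edited or removed entry is detected on verification. The function names, field names, key handling and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous MAC" used by the first entry


def _mac(key, body):
    # Canonical JSON so identical content always produces the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_event(trail, key, who, when, action, record_id, reason, value=None):
    """Append one attributable, time-stamped event chained to the previous one."""
    if action not in ("create", "modify", "delete"):
        raise ValueError("unknown action: " + action)
    body = {"seq": len(trail), "who": who, "when": when, "action": action,
            "record_id": record_id, "reason": reason, "value": value,
            "prev": trail[-1]["mac"] if trail else GENESIS}
    trail.append({**body, "mac": _mac(key, body)})


def verify_trail(trail, key):
    """Return the index of the first altered or out-of-place entry, else None."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "mac"}
        ok = (body.get("seq") == i and body.get("prev") == prev
              and hmac.compare_digest(entry["mac"], _mac(key, body)))
        if not ok:
            return i
        prev = entry["mac"]
    return None


def reconstruct(trail, record_id):
    """Replay create/modify/delete events to get a record's current value."""
    value = None
    for e in trail:
        if e["record_id"] == record_id:
            value = None if e["action"] == "delete" else e["value"]
    return value


def sample_trail(key):
    # Constructed sample events; a real system stamps `when` itself.
    trail = []
    append_event(trail, key, "a.analyst", "2020-04-06T09:15:00Z", "create", "assay-17", "initial entry", 4.2)
    append_event(trail, key, "b.reviewer", "2020-04-06T11:40:00Z", "modify", "assay-17", "unit correction", 4.6)
    return trail
```

The chain exposes edits and removals inside the trail, but not truncation of the newest entries unless the latest MAC is also stored somewhere the writer cannot change. The HMAC key has to be held by the logging service, out of reach of the users whose actions are being recorded.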
Digital Quality Management Systems (QMS) are designed to automatically perform all of the above steps and are a critical component of protecting data integrity. But even with a QMS in place, the goal is still to harden and protect your network and systems to stop bad actors before they have a chance to steal or manipulate your data. Along with implementing a QMS, top cybersecurity firms will safeguard your systems with:
- Multi-factor authentication
- Data encryption
- Understanding your data and defining user-level access
- Firewalls
- Advanced Endpoint Protection
- Threat Hunting
Treating data integrity both as a state of data and as a process within your security policy is critical given today’s increasing cyber threats. We live in a data-driven world, but we must also work with our security teams to ensure the data we rely on can be trusted. Consult with your cybersecurity firm to build data integrity standards into your business and stay a step ahead of the hackers.