With the CIA triad, confidentiality commands much of the attention. Organizations fret over the unauthorized disclosure of their data, so they try to reduce the risk of that type of incident. In so doing, however, enterprises commonly overlook the other two components, integrity in particular.

Ron Ross, a fellow at the National Institute of Standards and Technology (NIST), thinks it’s a mistake for organizations to forget about integrity. He feels that way because of how an integrity-related security event can undermine the entire CIA triad.

“If you have a compromise of integrity, it can affect both availability and confidentiality,” he explained. “The malicious code can wreck confidentiality by getting access to things it shouldn’t have access to and seeing things it shouldn’t. Alternatively, compromising key components of a system through an integrity violation can make the system crash and the capability go away. That’s an availability issue. With that said, I don’t think we spend enough time talking about integrity. We’re focused on unauthorized disclosure when in reality integrity is right up there at the top and maybe one of the most important components.”

Integrity-Based Threats on the Rise

Integrity-related threats such as the ones described by Ross aren’t theoretical in nature. Attackers are already targeting organizations to compromise the integrity of their data and systems.

Take ransomware. In its Cost of a Data Breach Study, IBM found that ransomware attacks cost an average of $4.62 million in 2021—more than the typical data breach price tag of $4.24 million. Security researchers detected 623 million ransomware attacks during that same period, noted PRWeb, constituting a 105% year-over-year increase.

The effects of a ransomware infection or another integrity-related attack on an enterprise’s IT environment can be devastating. It can be even more serious for organizations