When it comes to the CIA triad, confidentiality generally commands most of the attention. Organizations are worried about the unauthorized disclosure of their data, so they concentrate on reducing the risks of that type of an incident.
In so doing, however, enterprises commonly overlook the other two triadic elements, integrity in particular.
Ron Ross, a fellow at the National Institute of Standards and Technology (NIST), thinks it’s a mistake for organizations to forget about integrity. He feels that way because of how an integrity-related security event can undermine the entire CIA triad:
“If you have a compromise of integrity, it can affect both availability and confidentiality. The malicious code can wreck confidentiality by getting access to things it shouldn’t have access to and seeing things it shouldn’t. Alternatively, compromising key components of a system through an integrity violation can make the system crash and the capability go away. That’s an availability issue. With that said, I don’t think we spend enough time talking about integrity. We’re focused on unauthorized disclosure when in reality integrity is right up there at the top and maybe one of the most important components.”
Integrity-Based Threats on the Rise
Integrity-related threats such as the ones described by Ross aren’t theoretical in nature, either. Attackers are already targeting organizations to compromise their data and system’s integrity.
Take ransomware, for instance. According to a report published by Cybersecurity Ventures, the global costs of ransomware surpassed $5 billion in 2017. That’s a 15 percent increase in just two years. The report also estimates that ransomware attacks will continue to grow by 350 percent annually.
The effects of a ransomware infection or another integrity-related attack on an enterprise’s IT environment can be devastating. It can be even more serious for (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/featured/nists-cybersecurity-framework-integrity/