Data Manipulation: The dangerous data hack that you won’t even notice

[Commentary] A recent wave of cyberattacks—from WannaCry and Equifax to the alleged Russian influence on the US election—has demonstrated how hackers can wreak havoc on our largest institutions. But by focusing only on hackers’ efforts to extort money or mess with our political process, we may have been missing what is potentially an even scarier possibility: data manipulation. Imagine that a major Big Food company gets hacked. But this time, instead of leaking the company’s proprietary information to the public or freezing its systems with ransomware, the hackers subtly manipulate the data on which the company relies.  Because of the opportunity that data manipulation provides, we need to take simple steps now before this kind of hack becomes more common. First, we need to design systems that are carefully watching for manipulation: Hard or offline backups are essential, and data holders should develop systems to regularly compare live versions of their data to their backups. (According to Osterman Research, most companies don’t do this continuously, and some don’t do it at all.) We also need better database oversight, such as systems designed to identify precisely when data has been manipulated. 

[Betsy Cooper is the Executive director, Berkeley Center for Long-Term Cybersecurity]