How To Prevent Data Manipulation Attacks

The adversary has found a way in and more than likely identified the data they’re after. They simply need to exfiltrate it—the last step of the kill chain—to land the final blow.

In some scenarios, however, it’s what the attacker doesn’t do that could have a more devastating outcome on the enterprise.

Data manipulation attacks—attacks in which adversaries don’t take data but instead make subtle, stealthy tweaks to data usually to elicit some type of gain—can be just as, if not more crippling for organizations than theft. The ability of attackers to manipulate and shift data around is a real threat, one that could cause widespread financial and even physical harm, if done successfully.

Consider the stock market. Hypothetically speaking, if an attacker were to successfully breach the IT systems and databases responsible for updating a stock ticker symbol and manipulate data to show a billiondollar tech giant like Apple, Microsoft, Google, or Amazon taking a nose dive, it would cause immediate chaos, and panic would ensue. It could result in people selling off their stocks in a frenzy—the culmination of a deliberate and effective attack.

Data manipulation attacks don’t always have to result in a tangible financial gain. If an attacker managed to carry out a similar attack against health record information for patients in hospitals and altered critical data like drug dosages and prescriptions that need to be administered, it could result in sickness or even death.