What is data manipulation? A misconception is that hackers always steal data, but this assumption is incorrect. Data manipulation attacks occur when an adversary does not take data, but instead makes subtle, stealthy tweaks to data for some type of gain or effect. These subtle modifications of data could be as crippling to organizations as data breaches. Data manipulation may result in distorted perception by shifting data around, which could lead to billions of dollars in financial loss or even potential loss of life, depending on the system in question, and the type of data being altered. In some scenarios however, what the attacker does not do may have a more devastating outcome within the data space entity framework. The goal may be to manipulate data to intentionally trigger external events that can be capitalized. The higher the value of the fraud, the greater the chances are that the fraud has compromised data integrity. If the data manipulation does not occur on a specific date but is conducted over several weeks or months, it may be virtually impossible to correct this problem through a single system restore. Read the CSIAC Report to learn more about data manipulation: https://www.csiac.org/csiac-report/data-manipulation/
The CSIAC Podcast - Data Manipulation
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/
Presenters

Charlie Merulla

Steve Warzala

Very insightful. Data manipulation cyber attacks are not as mainstream or as well known as other forms of attacks. Considering the effectiveness of unknown and tiny little changes to information here and there, the consequences can be enormous whether financially or politically motivated.
Data manipulation in my industry (central banking) can have serious financial and even economic ramifications . Any thoughts on new tactics/techniques to secure data and prevent such threats from materialising?
Very timely. Thanks for sharing. Next level of analysis can involve mitigation for data manipulation at rest, in transit and during usage inside a computer system by rogue processes.