Data Provenance Challenge

We all use information on the corporate network under the assumption that it is correct, and can be relied upon, for analysis and decision making, and in the event of it being incorrect, we may accidentally facilitate catastrophic business failures.

Ransomware and other cyber attacks may modify legitimate business data for illegitimate purposes, and those changes may be extremely difficult for business users to detect, and in some cases they may even be impossible for users to detect. These type of attacks are dominated by organised crime syndicates, who offer the attacks as a service, almost like a franchise.

The capabilities of these syndicates will vary, but some are comparable to the big multinationals or even nation states, and will probably exceed the defensive capabilities of any small or medium enterprise. It is reasonable to assume that the treat posed to any specific enterprise depends on the cost-benefit analysis from the crime syndicate’s perspectives, but it may also depend upon their motivation.

The motivation of these organised crime syndicates will vary, and in addition to the more obvious economic factors, they may include social and political factors, which are potentially influenced by their relationships with government leaders, the security services, and the military in their country of residence and elsewhere.

Historically, business computer systems were simply designed to deliver the desired functionality, without much regard for system errors and failures. More recently designed business computer systems specifically address the business need for resilience against system errors and failures, and the relevant skills and capabilities are becoming more common.

However, they do not typically address the possibility of intentional attacks to any meaningful extent. Fortunately, the global growth in cyber attacks is starting to affect the way that business systems are designed, and systems builders are starting to engage security systems specialists, but there is a global shortage of such expertise, so this isn’t an easy or quick fix.

One of the challenges for business systems developers is the enormous range of vulnerabilities and potential attacks that need to be considered, and particularly the range of attacks that give total control of the user’s computer to the attackers. In such circumstances, the attackers can display anything that they choose, and the user’s computer becomes a tool that attackers can use to manipulate the user to take actions that are not in the best interest of the enterprise.

Another challenge, which logically follows from such capabilities, is that business data can be created, updated or deleted using legitimate user credentials that are controlled through the user’s computer. Attackers can use such capabilities to encrypt primary storage systems and delete backup copies, but they can also use it in more sophisticated ways to undermine the integrity of the entire organisation, or even as a springboard for attacks against other related organisations, such as customers, supplier and partners.

There are obvious technical controls that can be used to mitigate such attacks, like distributed persistent storage with version history and digital signatures, which are core features of our Encrypted Blockchain Technology.

However, these technical controls need to be supported by security hardened business processes, which directly engage the users in validating the integrity of specific business data, and more generally in assuring the provenance of all data that is used to support business decision making and advise to customers, suppliers and partners.