Why Maintaining Data Integrity is Critical in Incident Response

February 11, 2020

The National Cybersecurity Center of Excellence has released a draft version of the NIST Cybersecurity Practice Guide SP 1800-26, Detecting and Responding to Ransomware and Other Destructive Events.

The proposed guide is intended to act as a best practice document to support organizations detecting and responding to data integrity events which can put an organization’s security infrastructure at risk, causing reputational damage. This guide makes the important distinction between data integrity and data security.

Data Integrity vs. Data Security

Data integrity refers to the accuracy of your data, while data security refers to the protection of such data.

While maintaining data security is important, preserving data integrity is just as important, if not more so. Data integrity can be compromised as a result of insider threats (e.g. human error), ransomware, misconfigurations, compromised software or hardware, and cyber attacks.

Organizations must be aware of risks to data integrity and implement the necessary solutions to ensure that data integrity attacks don’t compromise the trustworthiness of the data.

According to NIST, these risks can be reduced by enabling:

• Mitigation and containment
• Reporting capabilities
• Event detection
• Vulnerability management
• Integrity monitoring

In addition, NIST notes that developing this guide aims to “focus on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It also identifies tools and strategies to aid in a security team’s response to such an event.”

Jerry Nguyen, Herjavec Group’s VP of Threat Management & Incident Response, agrees that this framework is a definite step in the right direction.

“Organizations need to ensure that any data has not changed as a result of a security incident. During the Recovery/Remediation phase of an IR engagement, it’s critical to verify that the right data is being restored so data integrity can be maintained. While our HG Incident Response team has independently developed similar guidelines for our enterprise customers, it’s great that there will be a standardized framework for this purpose.”

A full draft of the NIST guide can be downloaded here.

To learn more about Herjavec Group’s Incident Services, please connect with a security specialist.