Can you trust your data?

Protocol Enterprise

Hello, and welcome to Protocol Enterprise! Today: why data-tampering attacks — while rare today — could be the new ransomware, Salesforce tries to push the easy button, and the latest funding rounds raised by enterprise tech startups.

The ‘most nefarious’ data security threat

As Mike Tyson might've put it, every security team has a plan until it gets punched in the face.

Ransomware and the theft of sensitive data are huge, top-of-mind concerns for most enterprises, as they should be. But data tampering? That's the punch in the face they might not be expecting.

Data tampering — when a malicious actor makes a change in key data — could potentially become an even more serious threat for certain organizations depending on the situation.
In a hypothetical example of this type of attack, a threat actor might corrupt a portion of a public company's data and then publicize this fact, leaving it unable to close its books at the end of the quarter, former TD Ameritrade CTO Lou Steinberg told me.
"What happens when you can't trust your own data?" said Steinberg, who is now the founder of cybersecurity research lab CTM Insights. "This is a nightmare scenario."

And yet, while this type of attack is not totally unprecedented, it's still relatively rare and not on the radar for many businesses, experts told me.

But data tampering is poised to become a burgeoning threat in coming years, according to experts including Steinberg and former NSA security architect Will Ackerly.
Compared with other threats to data security, the manipulation of data is probably the "most nefarious and hardest to detect," said Ackerly, who is now co-founder and CTO of data security startup Virtru.
Current tools won't necessarily detect data changes by someone who appears to be an authorized user due to use of stolen credentials, or because they're a malicious insider.

The awareness needed to combat data manipulation threats is also not where it needs to be, experts said.

Most businesses are preoccupied with other data security issues, such as protecting the confidentiality of their data, said Heidi Shey, a principal analyst at Forrester. While that understandably takes precedence, she believes data-tampering threats are worth a “closer look” for many companies.
The threat isn't limited to changes in data values either: Thanks to the same AI-powered technology that's used to create deepfake videos, researchers say the threat of manipulated images, such as medical scans, is growing as well.
"Adversarial machine learning" attacks, in which an attacker dupes an ML model with false data during its training phase, could represent another variety of data manipulation attack, experts said.

Ultimately, the world continues to increase its reliance on data for its decision-making, said AU10TIX CEO Carey O'Connor Kolaja, "and that information can easily be manipulated."

Read the full story here.

— Kyle Alspach (email | twitter)

Sponsored content from DataRobot

DataRobot's AI Cloud for Financial Services Unlocks the Art of the Possible: DataRobot continues to attract clients in financial services who want to de-risk their AI investments and rapidly scale AI to almost every part of their operations, resulting in improved productivity and higher customer satisfaction.

Read more from DataRobot

Easy come, easy go

Today Salesforce announced Salesforce Easy, a new experience aimed at making the SaaS giant’s signature CRM service easier to use. Salesforce Easy allows customers to try out and buy the company’s CRM on their own, without going through a traditional sales channel or navigating as many steps as required by its older system.

The launch of Salesforce Easy could be an acknowledgement that the company’s tech isn’t as user-friendly as it should be: a fact well known in the industry, according to analysts, but one that Salesforce has been trying to change. The company’s acquisition of Slack, and elevation of product-focused leader Bret Taylor, are seen by many as moves toward a more design-conscious future.

The rise of shadow IT, where line-of-business users purchase software with their credit cards, makes it even more of an imperative that enterprises develop user-friendly software. It’s in part why the product-led growth approach typically touted by consumer software is also taking root within the enterprise.

The fact that Salesforce felt it needed a self-service option for its CRM is a telling sign of its maturity, and probably a step in the right direction. But just calling something easy doesn’t mean it actually is.

— Aisha Counts (email | twitter)

Financial corner

HiBob was valued at $2.45 billion after raising $150 million for its HR software.

BigPanda was valued at $1.2 billion after raising $20 million for its AIOps software.

DriveNets was valued at over $1 billion after raising $262 million for its software-based internet router.

Pliops raised $100 million to build data processors for cloud and enterprise data centers.

VidMob raised $110 million for its marketing analytics software.

Dianxiaomi raised $110 million for its cross-border ecommerce software.

Around the enterprise

Shares of Zoom plunged 8% in after-hours trading after the company missed Wall Street’s revenue expectations and lowered its guidance for the rest of the year.

Spammers are building web pages and sending phishing emails from sites hosted on AWS, taking advantage of the fact that it is so widely used as to be considered a safe domain by email scanning software, according to The Register.