In this guide, we will learn: What is a Security Compromise? – guide 2023
If you speak English, you probably are familiar with the word compromise in normal use. Specifically, accepting something that isn’t quite what you initially wanted because of some competing factor. There’s no real limit on what the competing factor can be. Cost is a classic example, as is time, effort, material limitations, and other people’s requirements.
In the world of cyber security, the word compromise is also used. The exact meaning though isn’t really the same. If you squint really hard, you could argue it’s a specific case, but it’d be a bit of a tough sell. A security compromise is the result of unauthorised access to data or a system. The exact details of the compromise and how severe it is can vary significantly. Important factors include the sensitivity of the data or system compromised, the scale and duration of the compromise, and the actions that were taken by the attacker.
Note: The specific case mentioned above would be: wanting a secure system but accepting that it isn’t/wasn’t because of proof to the contrary. This is less a deliberate compromise and more a forced reality-driven re-evaluation. It is also typically not just “accepted” but efforts are taken to resolve the issue.
For data to be compromised, an unauthorised party needs to have access to it. In the vast majority of cases, this will involve the unauthorised party being able to see the data. There are, however, scenarios where data could be blindly modified or deleted which would also be classed as the data being compromised. The compromise can affect the confidentiality or the integrity of the data, or potentially both.
If the data is not particularly sensitive, this may not be a massive issue. Typically, however, access restricted data is restricted for some reason. Payment details are a classic data point. If the confidentiality of payment details is affected, unauthorised parties may be able to use them for financial gain. Classified data, for example, may have national security ramifications If disclosed to unauthorised parties. In similar ways, if that data was modified there could be further issues. especially if that modification was not noticed for some time.
Once data as been compromised the cat is out of the bag. The method of access can be resolved but the data is out there. Knowing what data was accessed can allow further damage limitation proceedings to occur. This may be especially important if the data was modified.
Generally, if your computer has a virus or any other form of malware, it is reasonable to consider the computer compromised. Depending on the malware, a compromised computer can mean different things. Ransomware might delete your data but typically doesn’t actually disclose it to anyone. Most other forms of modern malware do attempt to steal sensitive data such as passwords.
Note: Ransomware can provide good cover for other malware so it shouldn’t necessarily be assumed that your data hasn’t been exposed if you get affected by ransomware.
Some types of malware can be particularly difficult to remove. Generally, antivirus software can clear things up, but it may be necessary to wipe the hard drive and reinstall the operating system. In some rare cases, even this might not be enough. Malware of this caliber, however, is typically only developed by nation-state-level threat actors.
When software is compromised, everything that it does, and has done, is suspicious. If the software is compromised it should be treated as if it was purely malware. Typically, if any piece of software on your computer gets infected, it can be resolved by antivirus software. Unfortunately, there are worse scenarios. For example, if the developer of a piece of software gets compromised, then it may ship compromised software to its customers. This is known as a supply chain attack. This sort of compromise involves the developer being hacked in some way. It is, however, possible for the developer to have an insider threat.
Note: Hardware can also be compromised through supply chain attacks.
It’s important to understand that the security incident may not be limited to the actually compromised system or data. The original compromise may enable further security incidents. Each of the examples given above has shown this in some form. Compromised classified data could put the lives of field agents and the “assets” they manage at risk. If carefully manipulated, it could even lead to the acceptance of false intelligence and could compromise other operations. Your compromised computer could be used to proliferate the malware it’s infected with. The data on it could also be used to access your online accounts etc. Compromised software can affect all users of the software when the affected software is widely used this can have a very broad impact.
A compromise in cyber security refers to the unauthorised access, modification, or deletion of data or a system. While a single system can be affected, any system that integrates with that system can also feel the effects, even if it was not directly affected itself. A compromise doesn’t necessarily result in a “data breach” where the data is sold/released on the black market. It can just be an accidental disclosure to a responsible but unauthorised person. It may also be prudent to assume that data that was accidentally public is compromised even if there are no actual indications of someone having accessed it.