Integrity & Availability Threats ⚠️How Data Changes and Systems Go Offline 🔄🚫
In the previous article on Confidentiality, we focused on protecting sensitive information from unauthorized access. 👉Protecting Confidentiality.
Beyond confidentiality, two other pillars of information security—integrity and availability—are just as critical. Integrity ensures that data remains accurate, complete, and unaltered, while availability ensures that systems and information are accessible when needed. In this article, we’ll begin by exploring integrity concerns first, understanding how data can be tampered with or corrupted, and why that loss of trust can be just as damaging as a data breach.
Integrity Concerns ⚠️🚩
When users access data, they expect it to be correct, consistent, and from a trusted source. For example, when you check your bank account, you trust that the balance shown reflects real transactions and hasn’t been altered incorrectly. Similarly, when a doctor reviews a patient’s medical record, they expect the information to be accurate and up to date, based on recent visits, tests, or treatments—not altered accidentally or by unauthorized users.
In information security, integrity means ensuring that data remains accurate, consistent, and modified only by authorized sources. While data is expected to change over time, those changes must be intentional, traceable, and trustworthy. When integrity is compromised, people may make critical decisions based on incorrect or manipulated information. Below are the different threats that can impact data integrity.
On-Path Attacks (Formerly Man-in-the-Middle Attacks) 🚧🔀
In an on-path attack, formerly known as a man-in-the-middle attack, an attacker secretly places themselves between a client and a server without either side realizing it. For example, when you connect to a public Wi-Fi network at a coffee shop, a malicious device can sit between your laptop and the internet router, silently intercepting the data you send and receive.
The on-path software intercepts the data, forwards it back and forth, and makes everything appear normal. Both the client and the server believe they are communicating directly with each other, when in reality they are each communicating with a rogue system controlled by the attacker.
Traditionally, this type of attack was carried out by wiretapping physical network cables. However, the widespread use of wireless networks has greatly increased the number of targets. An attacker no longer needs physical access to a cable—they can sit outside a building, intercept wireless traffic, alter packets, and send them along without being noticed.
An attacker may have two different goals:
- Recording information for later viewing, which is mainly a confidentiality concern 🔐
- Modifying data in transit, which is a serious integrity concern ⚠️
A common way to reduce the risk of on-path attacks is to enforce secure wireless authentication protocols such as WPA2 or WPA3, which encrypt data and help ensure devices are communicating with legitimate network access points.
Replay Attacks 🔁🎯
In a replay attack, an attacker captures information sent by a legitimate user and later reuses (replays) that message to trick a system. In simple terms, the attacker is not creating new data—they are re-sending valid data that was captured earlier.
For example, imagine an attacker intercepts a wireless door-lock signal or a one-time login request. Even if they don’t understand the message, they can replay it later to gain unauthorized access, because the system sees it as a valid request.
Replay attacks are often an extension of snooping or wiretapping, where data is quietly captured as it travels across a network. While this attack can affect confidentiality, it becomes an integrity concern because the system is fooled into accepting old or reused data as if it were new and legitimate.
Impersonation Attacks 🎭📛
It is much easier for an attacker to succeed with a social engineering attack when the victim trusts the person they believe is sending the message. For example, you might receive an email that appears to be from your manager or a coworker named Steve, asking you to share a document or reset a password urgently.
But what if the person requesting the information isn’t really Steve? It could be someone pretending to be Steve, which is known as an impersonation attack—when an attacker pretends to be someone or something they are not.
Impersonation is widespread today and surprisingly easy to carry out. Attackers can spoof phone numbers so a call appears to be from a trusted contact, or fake email addresses and IP addresses to appear legitimate. For example, a scam call may show your bank’s official phone number on the screen, even though the call is coming from an attacker.
The same concept applies to computer networks. A server does not question or ignore a request the way a human might let a suspicious call go to voicemail. If a server receives traffic from what appears to be a trusted IP address, it will respond automatically, giving the attacker an opportunity to move closer to their goal.
Unauthorized Information Alteration ✏️🚫
Once an attacker gains access to a system, they may try to change information without permission to harm a business or an individual. This often involves altering data stored in databases, where even small changes can have serious consequences.
For example, if a company’s entire client list is deleted or modified, the business could lose customers and revenue. In another case, a customer searching online might see that an item is out of stock, even though it is actually available. As a result, the customer may place an order with a different supplier, resulting in unnecessary losses for the company.
Unauthorized alteration of information doesn’t always come from external attackers. It can also come from internal sources. Employees already know where sensitive data is stored and often have legitimate access to systems. A disgruntled employee might intentionally damage data, or someone might secretly modify an HR or payroll system to give themselves an unauthorized pay raise.
This type of attack directly affects data integrity, because the information can no longer be trusted—even though the systems may still be working and accessible.
Availability Concerns ⏳🚫
While some attackers want to steal or change data, others want to prevent anyone from accessing it at all. When people visit a website like Amazon, they expect the site to be up and working so they can browse products and make purchases. If the site is down, even for a short time, it becomes very difficult for the company to do business.
The final pillar of the CIA triad is availability, which means that data and systems are accessible when users need them. Even if information is secure and accurate, it is useless if legitimate users cannot access it at the right time.
Availability problems generally fall into two main categories:
- Denying service, where systems are intentionally overwhelmed or blocked
- Hardware issues, where failures in physical components prevent access
In the next sections, we’ll look at each of these causes and how they impact system availability.
Denying Service 🚫🌐
There are several ways attackers try to prevent users from accessing the data or network resources they need. One common method is to flood a server with a huge number of fake connection requests, far more than it can handle. When this happens, the server becomes too busy to respond to legitimate users. This type of attack is called a Denial-of-Service (DoS) attack.
Real-world analogy:
Imagine a customer service phone line with only 10 operators. If one person keeps calling thousands of times and never hangs up, real customers can’t get through, even though the business is still open. The service hasn’t disappeared—it’s just unavailable.
Any time a service is unavailable to users, it is considered a service outage. If an administrator detects a DoS attack, one possible response is to configure the firewall to block incoming connection requests from the attacker’s IP address.
However, attackers often have a way around this defense. Instead of using a single system, they can control dozens or even hundreds of infected computers across the internet—often called bots or zombies—and launch a Distributed Denial-of-Service (DDoS) attack. Because traffic comes from many sources, DDoS attacks are much harder to stop and often keep services offline for longer than a standard DoS attack.
Real-world analogy:
Instead of one prank caller, imagine hundreds of people calling simultaneously from different phone numbers. Blocking a single number no longer works, and the phone system stays overloaded for much longer.
DoS attacks are not limited to web servers. Wireless networks can also be targeted if an attacker jams the wireless frequency, preventing legitimate devices from communicating. In these cases, the only real solution may be to locate the interfering signal and shut it down.
Real-world analogy:
This is like someone standing near a radio station and blasting loud static on the same frequency, making it impossible for anyone else to hear the broadcast.
Another cause of service denial is a power outage. While attackers rarely target power grids directly, outages can still occur due to natural disasters or widespread electrical failures. To reduce the impact, organizations use a UPS (Uninterruptible Power Supply), which is a battery backup system that servers plug into. A UPS can keep a server running for 15 minutes to an hour or more, giving administrators enough time to shut systems down safely, even if it cannot keep the business fully operational.
Hardware Concerns 🖥️🔧
Organizations lose millions of dollars every year due to hardware theft and damage. Because of this, it is important to physically secure computer hardware in whatever environment it is placed—whether that’s an office, data center, or remote workspace. Even the best software security cannot protect a system if the physical hardware itself is compromised.
Hardware Damage ⚠️🔨
Within a company’s office, solutions for securing computers and peripherals typically focus on protecting the environment as a whole rather than each device. Some standard measures include:
- Requiring security keycard access to office areas
- Having a professional security presence in large organizations
- Keeping doors and windows locked
- Being prepared to challenge unfamiliar individuals who do not usually belong in the work environment
Physically securing an area helps prevent two major problems: hardware damage and hardware theft.
Real-world analogy:
If an attacker can walk up to your computer with a hammer, it doesn’t matter how strong your firewall is or how advanced your encryption may be. Physical access enables them to cause immediate, irreversible damage, leading to system failure and data loss.
Hardware damage isn’t always intentional. It can also be inadvertent. For example, someone might accidentally spill coffee on a server, trip over a power cable and unplug critical equipment, or block ventilation, causing a system to overheat and fail.
Hardware Theft 🏃♂️💻
The risk of hardware theft varies greatly depending on the environment. Leaving a laptop unattended at an airport or coffee shop is very different from leaving it on your desk in a secure office while you step out for lunch. When traveling with a laptop or other portable technology, the focus should be on the physical security of the individual device.
Best practices for protecting portable devices:
- Always know where your device is—ideally within arm’s reach or at least within your sight
- Never leave a device unattended, even for a short time
- Carry devices in an unconventional or low-profile bag instead of an expensive-looking laptop bag
- Use a proximity alarm that beeps if your device moves beyond a certain distance from a small transponder you keep with you.
Mobile devices such as smartphones and tablets are even easier for a thief to walk away with. While the same security principles apply, you need to be extra cautious, since these devices are smaller, more valuable, and frequently handled in public spaces.
If you are not in a secure area, it may be appropriate to use physical locks that attach hardware to a desk or another fixed object. There are various locks, cages, and racks designed to make it difficult to remove computers from their location.
Most laptops include a K-slot (Kensington Security Slot). Kensington manufactures a lock designed to fit into this slot. The lock connects to a security cable, which can be bolted to a wall, desk, or piece of furniture. These locks are typically secured using either a key or a combination, helping prevent the device from being carried away.
Real-world analogy:
Using a laptop lock is like locking a bicycle. It won’t stop every determined thief, but it makes stealing the device much harder and far less convenient, often enough to discourage the attempt entirely.
Wrapping Up 🧭
Integrity and availability are just as important as confidentiality when protecting information. If data is altered without authorization or systems become unavailable when users need them, trust is lost, and real-world consequences follow—missed business opportunities, safety risks, and financial losses. From on-path and replay attacks to denial-of-service incidents and physical hardware threats, these risks show that security goes far beyond passwords and firewalls. By understanding how integrity and availability can be compromised—and taking practical steps to protect them—organizations and individuals can build systems that are not only secure, but also reliable and trustworthy when it matters most.
In the next article, we’ll explore privacy expectations—how users expect their personal information to be collected, used, and shared responsibly, and what happens when those expectations are not met. 👉 Privacy Expectations
This article is part of the Security Concepts & Threats series, which explores the fundamentals of protecting data, people, and devices in a connected world. For the full overview of how modern risks, defenses, and access controls fit together, refer to the main article in this series. 👉 Security Concepts&Threats