We\u2019ve reached that time of year where everyone in the security industry is pulling together predictions for what we expect to see over the next year, and\/or slowly backing away from any imperfect predictions we might have put forth the year before.Last year, I offered up a number of predictions, but the one continuing to make huge waves in 2017 is around data integrity attacks. Quite simply, I expect that we\u2019ll see more intricate, complex and undetected data integrity attacks and for two main reasons: financial gain and\/or political manipulation.+ Also on Network World:\u00a0How much does a data breach actually cost? +Data integrity attacks are, of course, not entirely new. Data integrity is a promise or assurance that information can be accessed or modified only by authorized users. Data integrity attacks compromise that promise with the aim of gaining unauthorized access to modify data for a number of ulterior motives. It is the ultimate weaponization of data.A few classic examples include the 2008 case of Brazilian logging companies that accessed government systems to inflate logging quotas\u00a0and the famous 2010 story on how the Stuxnet worm\u00a0used very minor changes to attempt to destroy Iran's nuclear program. In 2013, a Syrian group hacked into the Associated Press' Twitter account and tweeted that President Obama had been injured in explosions at the White House. (That single tweet caused a 147-point drop in the Dow.)Fast forward to 2015 when Anonymous began releasing financial reports exposing firms in the U.S. and China trying to cheat the stock market, in one case, damaging the brand reputation of REXLot Holdings, a games developer that had inflated its revenues. The same year, there was the JP Morgan Chase breach and subsequent attempt at market manipulation. Which leads us, of course, to 2016, with the World Anti-Doping Agency and Democratic National Committee breaches, both examples of how hackers are using data integrity attacks to embarrass organizations.How will cyber attacks get worse?What\u2019s different now from last year\u2019s prediction? Why will these attacks get worse? The first generation of cyber attacks were about cutting access to data, and then we moved on to data theft. Now, we\u2019re starting to see evidence of that stolen data being altered before transition from one machine to another, effecting all elements of operations.The proliferation of the Internet of Things (IoT) means hackers have a seemingly infinite number of different attack surfaces and personas that they can manipulate. Use your Fitbit as an example, and look at the number of people who touch it\u2014the user, the manufacturer, the cloud provider hosting the IT infrastructure, the third parties accessing it via an API, etc. This creates a cross-pollination of risk that the security industry has not seen before, and that\u2019s just one person\u2019s \u201cthing.\u201dData integrity attacks have the power to bring down an entire company and beyond.Today's connected world constantly generates mounds of data that businesses, industry pros and analysts use to drive decisions, make projections, issue forecasts and more.Data integrity attacks have the power to bring down an entire company and beyond. Entire stock markets could be poisoned and collapsed by faulty data. The power grid and other IoT systems from traffic lights to the water supply could be severely disrupted if the data they run on were to be altered. And perhaps the greatest danger is that many of these could go undetected for years before the true damage reveals itself. What\u2019s at stake is trust. Decision-making by senior government officials, corporate executives, investors and average consumers will be impacted if they cannot trust the information they receive.What you can do to protect dataAt this point, you\u2019re probably terrified\u2014or morbidly depressed. Is there anything we can do? And the answer to that is yes. When I talk to the businesses we work with, one of the first questions I ask is, \u201cWhat are you trying to protect?\u201d If you don\u2019t know what data you\u2019re trying to protect, there is no point in spending money to protect it. It\u2019s a\u00a0straightforward enough question perhaps, but it isn\u2019t very easy to answer. Despite this, working out an answer is one of the most fundamental things an organization can do towards making itself secure. Last month\u2019s blog,\u00a0Securing the breach trumps breach prevention, detailed some additional tangible steps you can take.Breaches will continue to happen\u2014to expect otherwise would be\u00a0unrealistic. But as their scale and complexity grows, focusing on them\u00a0first would take up all of an organization\u2019s IT security bandwidth. A better starting point is to know what you are trying to protect.