T 0.20 Information or Products from an Unreliable Source

If information, software or equipment is used which comes from unreliable sources or whose origin and correctness were not sufficiently verified, their deployment can pose high risks. It can lead to business relevant information resting in the wrong database, calculations providing wrong results or wrong decisions being made, among other things. Also, integrity and availability of IT systems can be affected thereby.

Examples:

• A recipient of emails, the origin of which has not been verified, can be encouraged to carry out certain actions which have an adverse effect on himself or others. For example, the email may contain interesting attachments or links, which when clicked upon install malicious software on the recipient's computer. The sender of the email can be falsified or it can imitate a familiar communication partner.
• An assumption that a statement is true because it is "published in the newspaper" or "was shown on TV" is not always justified. Wrong statements can be incorporated into business critical reports in this way.
• The reliability of information which is spread via the Internet differs greatly. If statements are accepted from the Internet without further source verification, wrong decisions can result from this.
• If updates or patches are downloaded and installed from untrustworthy sources, it can lead to unwanted side effects. There is an increased threat that IT systems get infected with a harmful code, if the origin of software is not verified.