What is considered a threat to data at rest?

A threat to data at rest encompasses any risk that can compromise the integrity, confidentiality, or availability of data that is stored on a device or storage system. In this case, both data alteration by unauthorized users and data theft are recognized as significant threats.

Data alteration by unauthorized users refers to a situation where malicious actors gain access to stored data and modify it without permission. This can lead to misinformation, loss of data integrity, and various operational issues, especially if the data is being used for critical business functions or decision-making.

Data theft, on the other hand, involves the unauthorized copying or removal of data. This could mean sensitive information, trade secrets, or personally identifiable information is taken by attackers, leading to privacy breaches, financial losses, or reputational damage for the affected organization.

Thus, acknowledging both data alteration and data theft as threats provides a comprehensive view of the potential vulnerabilities that data at rest may face. Regular backups, while essential for data recovery, do not inherently represent a threat but are rather a mitigation strategy against data loss, making them not relevant as a threat compared to the other options presented. This is why the correct answer includes both alteration and theft as significant threats to data at rest.