According to IDC, less than 5% of the $27 billion spent on security products directly addresses the issue of data centre security.

Blog: Five threats to your database security

This seems risky when you consider the 2016 Cost of Data Breach study conducted by the Ponemon Institute, which found the average breach cost more than $4 million per incident, a 29% increase on 2013. It's time to reduce your exposure now. To help, we've outlined five basic threats you may want to address.

Breaches are on the up. The past two years alone have seen significant attacks on several high-profile multinational organizations. Australia has not been immune to such attacks, with prominent brands exposed and embarrassed by database breaches.

To keep this from happening to you and your organization, you need to continually review your systems, audit your databases, and manage your access and internal human processes to dramatically reduce the risk of a breach.

This can make a difference. In 2013, the Online Trust Alliance (OTA) determined that more than 97% of incidents could have been prevented with simple steps and best practice internal controls. So get started by understanding five of the most common threats to your enterprise data as outlined below in plain language:

1. Poor Privileges
This is a great place to start because it can be so easy to fix and yet potentially so devastating to your data. Human privileges can often exceed the requirements of a person's job function. They can also remain unchanged when someone moves roles within the organization, or leaves altogether. This exposes the data to people who may have ill intent.

Time to conduct an audit of all users, roles and access rules, and make the changes you need to limit exposure. Be sure to communicate any changes to the staff member and answer any questions they may have with regard to their new limited access rights. This process will eliminate unnecessary risk - and take some of the human element out of it.
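As an added illustration of such an audit (not code from the original post), the Python sketch below compares exported database grants against a staff roster and a per-role baseline, then drafts REVOKE statements for review. All account, role and table names are constructed sample data, and the data layout is an assumption.

```python
# Constructed sample data: role names, accounts and tables are hypothetical.
ROLE_BASELINE = {  # privileges each job function actually needs
    "analyst": {("sales", "SELECT")},
    "dba": {("sales", "SELECT"), ("sales", "UPDATE")},
    "payroll_clerk": {("payroll", "SELECT"), ("payroll", "UPDATE")},
}
ROSTER = {  # current staff records, e.g. exported from HR
    "asmith": {"role": "analyst", "active": True},   # moved from payroll_clerk
    "bjones": {"role": "dba", "active": True},
    "cwong": {"role": "payroll_clerk", "active": False},  # has left
}
GRANTS = [  # (account, table, privilege) as exported from the database
    ("asmith", "sales", "SELECT"),
    ("asmith", "payroll", "UPDATE"),    # left over from the previous role
    ("bjones", "sales", "SELECT"),
    ("bjones", "sales", "UPDATE"),
    ("cwong", "payroll", "SELECT"),     # departed employee's account
    ("tmp_report", "sales", "DELETE"),  # no staff record at all
]

def audit_grants(grants, roster, baseline):
    """Return (account, table, privilege, reason) for every grant to review."""
    findings = []
    for account, table, privilege in grants:
        person = roster.get(account)
        if person is None:
            reason = "no matching staff record"
        elif not person["active"]:
            reason = "account holder has left"
        elif (table, privilege) not in baseline.get(person["role"], set()):
            reason = "exceeds role '%s'" % person["role"]
        else:
            continue  # grant matches the job function
        findings.append((account, table, privilege, reason))
    return findings

def revoke_statements(findings):
    """Draft REVOKE statements for a DBA to review; nothing is executed."""
    return ['REVOKE %s ON "%s" FROM "%s";  -- %s' % (p, t, a, r)
            for a, t, p, r in findings]

if __name__ == "__main__":
    for line in revoke_statements(audit_grants(GRANTS, ROSTER, ROLE_BASELINE)):
        print(line)
```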

2. Malware
Cyber-criminals often use advanced attacks that blend multiple tactics such as spear phishing emails and malware. Just on its own, spear phishing has become an endemic scourge: 95% of US and 83% of UK respondents in a recent Cloudmark survey said they have experienced an attack. Malware, or "malicious software", is also on the rise. Unaware that malware has infected their device, legitimate database users become a direct conduit for these groups to access your networks and sensitive data.

3. Exploitation of Vulnerable Misconfigured Databases
Our enterprise database consultants find vulnerable and unpatched databases all too often as we audit systems considered safe by their owners. We often see databases with their default accounts and configuration parameters in place too - especially in the case of open source implementations where a staff member has downloaded the software and done a DIY job on the database.

Attackers exploit these vulnerabilities very easily. Your internal staff may be too busy to update patches or it might be tough to find a maintenance session. However, these issues must be resolved and a patch process put in place. IT solution providers such as Fujitsu can help when you feel you would benefit from a third-party discipline. Whatever you do though, take action to resolve the issue now.

4. Limited Security Expertise and Education
According to the Ponemon Institute 2014 Cost of Data Breach Study, 30% of data breach incidents are caused by the “human factor”. The Online Trust Alliance (OTA) also stated in 2013 that more than 97% of breaches were preventable by implementing simple steps and following best practice and internal controls. Ensure your internal staff are trained and capable of maintaining the security of your enterprise database to a professional business-critical level. If you are not sure, then engage the services of a professional database service provider such as Fujitsu.

5. Input Injection (SQL Injection)
This type of attack allows an attacker to inject code into a program or query, or to inject malware onto a computer, in order to execute remote commands that can read or modify a database or change data on a website. There are two major types of database injection attack: SQL Injection, which targets traditional database systems, and NoSQL Injection, which targets Big Data platforms.

SQL Injection executes malicious SQL statements that control a web application’s database server. It can potentially be used against any website or web application that uses an SQL-based database. These attacks can bypass a web application’s authentication mechanisms and retrieve the contents of an entire database, or add, modify and delete records, and as such disrupt data integrity. They are quite common and one of the oldest and most dangerous vulnerabilities around.
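The authentication bypass described above, shown as an added example (not code from the original post): a login check built by string concatenation beside the same check using bound parameters. It uses Python's built-in sqlite3 module so it runs offline; the table, accounts and input string are constructed, and the same principle applies to PostgreSQL drivers.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],  # constructed rows
    )
    return conn

def login_vulnerable(conn, username, password_hash):
    """Vulnerable: user input is concatenated into the SQL text itself."""
    query = (
        "SELECT username FROM users WHERE username = '" + username +
        "' AND password_hash = '" + password_hash + "'"
    )
    return [row[0] for row in conn.execute(query)]

def login_parameterized(conn, username, password_hash):
    """Hardened: input is bound as data and is never parsed as SQL."""
    query = ("SELECT username FROM users "
             "WHERE username = ? AND password_hash = ?")
    return [row[0] for row in conn.execute(query, (username, password_hash))]

# Constructed input that carries SQL syntax instead of a plain value.
CRAFTED = "' OR '1'='1"

def compare_logins():
    """Run the same inputs through both versions and return the matches."""
    conn = make_db()
    return {
        "vulnerable_crafted": sorted(login_vulnerable(conn, "alice", CRAFTED)),
        "parameterized_crafted": login_parameterized(conn, "alice", CRAFTED),
        "parameterized_valid": login_parameterized(conn, "alice", "hash-a"),
    }

if __name__ == "__main__":
    for name, rows in compare_logins().items():
        print(name, rows)
```

With the concatenated query the crafted value rewrites the WHERE clause so every row matches, while the parameterized query treats it as a password that matches nothing.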

So now you know about five very common threats to your enterprise database.

We encourage you to speak to your IT people about how they are addressing these basic threats, or contact us to discuss your situation in strict confidentiality. If you are running a PostgreSQL-based database, we can also conduct a Health Check to specifically uncover any potential issues exposing your organisation to the risk of an attack. 

