15 Nov Chances are that almost half of your Databases are vulnerable to attacks
Chances are that almost half of your Databases are vulnerable to attacks
Rise in technological advancement have resulted in businesses and organisations moving their databases and data to cloud. But there are quite a number of organisations who prefer to have on premise databases or sensitive information on their databases which is risky according to a new study by cybersecurity and software services company Imperva. A longstanding five-year study which comprised of nearly 27000 scanned databases suggested that an average on premise database contains 26 existing vulnerabilities. Out of the existing vulnerabilities 56% of the common vulnerabilities and exposure can be termed as highly critical or severe based on guidelines from National institute of standards and technology (NIST).
While on premises databases have an added security layer of corporate firewalls, quite often organisations neglect or overlook database security because they rely on outdated technological security process such as unpatched security updates or outdated security practises. The attackers gain access to the system by delivering or overloading payloads to the backend system which causes a database breach through a known vulnerability. The study conducted by Imperva have also stated that some vulnerabilities are as old as 3 years and not yet patched or rectified. With nearly 50% on premise database having vulnerabilities, data breaches are going up by an astonishing 30% annually. The volume of compromised data or data is growing at a rampant rate of 224% annually and is expected to grow much more in the coming years.
Rise in extensive opportunities for attackers
For attackers and threat actors, data has always been a primary target who gain access to internal network systems and databases and extract or compromise large volumes of data. The shift to cloud-based technology have somewhat caused a shift in attention of attackers away from the on-premise databases. But many organisations still use internal databases for internal business operations and to store sensitive information. The large exposed surface attack area has given attackers a way to infiltrate through the network perimeter security tools and end point protection systems that causes a data breach. The traditional security approach of protecting the systems and networks around critical data is not working and the organisations need to reconsider and revaluate their approach and adopt a more effective approach against the threats.
The primary and the most common reason of data breach was that the organisations failed to frequently patch or update their systems which lead to data breach. The Imperva tool which scanned the internal databases of organisations across the globe has shown significant disparities between the nations. For instance, the firms in France have the most exposure with 84% of databases having at least one vulnerability and the average vulnerable database having a staggering 72 security issues. Singapore and Australia had relatively less vulnerability issues with 65% and 64% of databases having a vulnerability, respectively. The average vulnerable database in Australia only had 20 vulnerabilities, while Singapore’s average was 62. The firms in The United States fared better with 39% of databases having at least one vulnerability and those among the vulnerable databases having an average of 25 flaws.
Counter measures to decrease on premise database vulnerabilities
Along with issues such as irregular patching and not frequently updating the security system, bypassing the authentication system is also one of the major reasons that causes data breach. One simple solution is to move databases to the cloud. Clouds provide higher level of security and the databases are managed way more systematically as compared to an on-premise database. Also, regular patching and updating of the cloud security system is simple and uncomplicated. The only significant issue is misconfiguration of data which may expose a vulnerability causing data breach. Misconfiguration in other organisation’s data with whom you share the cloud with may also result in the cloud getting breached and your data being compromised.
The security system is an iterative process and should be updated and checked frequently. Organisations should realise that, although patching and securing end points is a very good hygiene practise and significantly reduce the risk factor, it is still not enough to have a robust security system. The best approach would be to maintain a patch management program and employ security solutions which are data centric in nature. The following steps should be followed to have a robust and sophisticated security system:
Discovering the data and segmenting it: Many a times, it so happens that the organisations are not aware of their data repositories and where they are located which makes it difficult to trace the source of attack. Unknown data repositories act as blind spots and increases the risk factor of an attack. Locating and discovering data is a healthy practise. Segmenting the data also helps in reducing or thwarting threats and attacks. Critical and sensitive data can be segmented and provided with an extra layer of security.
Have a patch management system: A simple scan carried out frequently will provide a list of vulnerabilities in the system. Patch management program automates the patching process and updates the system with regular patches whenever required or whenever a new patch is available.
Identity access management: Is a system which reduces the access of critical and sensitive data to only those who have a certain amount of credibility or those who use it frequently. It also maintains a list of employees who are accessing the data and from what location they are accessing the data thus making the entire access management process transparent.
Conduct periodic checks and assessments: Database systems change with regular patching and updating. Conducting periodic checks ensures that there is no data misconfiguration and that all systems are up to date that reduces the risks significantly.
Install a data anomaly detection system: Manually checking the database at all times is exhausting and an almost impossible task. Install data anomaly detection systems which detects data anomalies and irregular behaviour of the system indicating data misuse or infiltration. Anomaly detection system alerts the administrator of an on-going attack which allows the administrator to undertake preventive steps to thwart the attack.
Security of on-premise database systems should be data centric. The process should be transparent, effective and visible. A mix of unified and a standalone approach should be adopted to prevent multi vector attacks and build a robust security system.