Most Corporate Databases Vulnerable

Thursday, December 20, 2012 @ 11:12 AM gHale

While it is just a snapshot, it can open your eyes a bit as GreenSQL found 88 percent of companies participating in its December survey do not protect their databases from external and internal threats, and almost 20 percent do nothing to protect their databases at all.

While companies know they need to secure their main product, they also must understand the corporate database is a vital entity the organization needs to lock down.

Report: Security Growing — Slowly
Malware Intensity on Rise
Attack Growth Next Year
Major Security Pain: Mobile Devices

The survey question asked over 350 IT professionals: “How do you protect your data from SQL injection attacks?” The response:
• I improve code practices – 52 percent
• I do not protect my database from SQL injection attacks – 18 percent
• I use an application firewall – 18 percent
• I use a database firewall – 12 percent

“The survey reveals that almost all companies are still vulnerable to internal and external threats. Simply improving code practices is not enough to protect databases from internal threats,” said Amir Sadeh, chief executive at GreenSQL, a database security provider.

“The vast majority risks damage to corporate reputations, fines, law suits, and loss of customers’ confidence and business by deploying no database protection whatsoever,” Sadeh said. “This is tantamount to a corporate death wish.”

According to accepted industry figures, SQL attacks occur more than 70 times per hour. Cybercriminals attempt to inject malicious code into the database using online forms to either access or destroy the information within the database.

Leave a Reply

You must be logged in to post a comment.