SQL injection tops SMB database security concerns

11 April 2012

More than half of small and medium-sized businesses (SMBs) are most concerned about SQL injection attacks against their databases, according to a survey of 6,000 SMB users of GreenSQL’s database security product.

Cybercriminals use SQL injection to target both external websites and internal databases when seeking data for identity theft and other black market activities, GreenSQL said. Public websites are vulnerable to SQL injection attacks, but so are internal collaborative sites, as shown by the recent assault on the internal Nokia developer application, the company warned.

David Maman, chief technology officer of GreenSQL, said that SMBs are increasingly the target of SQL injection attacks, while large companies are seeing a decline in attacks, according to the most recent Verizon Data Breach Investigations Report.

“Large organizations can afford advanced solutions that cost a lot of money, while the SMBs are just starting to become aware of how big a threat” SQL injection is, Maman told Infosecurity.

Close to one-third of the SMBs surveyed are most concerned about internal threats to their database, such as unauthorized database access, database administrator errors, and data exposure to nonprivileged users.

While developers, administrators, and customer service representatives all need data access, they should have different access privileges, the company explained. In addition, data protection covers threats from both employee theft and error. Coordinating database access control and command permissions can significantly reduce data loss from errors while lowering the cost to repair any that remain, GreenSQL added.

“Smaller organizations can’t afford an in-house database administrator…. So they outsource to maintain their database. Once a database administrator is connected to the network, he can do whatever he wishes with the database”, Maman explained.

Around 18% of SMBs are most concerned about regulatory compliance related to database security, the survey found.
