Despite Increased Spending, Database Security Still Lags

A recent study shows that more than 67% of IT security resources remain allocated to protecting the network layer, and less than 23% to protecting core systems like servers, applications and databases

Most IT security resources in today’s enterprise are allocated to protecting network assets, according to a report issued by CSO Custom Solutions Group – even though the majority of enterprises believe a database security breach would be the greatest risk to their business.

When comparing the potential damage caused by breaches, most enterprises believe that a database breach would be the most severe, because databases contain the most vital and valuable information – intellectual property as well as sensitive customer, employee and corporate financial data. In addition, a full 42% of respondents believe that they have more difficulty preventing new attacks than in the past.

“IT security has to focus attention on the most strategic assets”, said Mary Ann Davidson, CSO at database provider and report sponsor Oracle, in a statement. “Organizations can’t continue to spend on the wrong risks and secure themselves out of business. When attackers do break through the perimeter, they can take advantage of weak security controls against the core systems by exploiting privileged user access, vulnerable applications, and accounts with excessive access.”

When it comes to budgets and actual security spending, 59% of participants plan to increase security spending in the next year. The survey also found that nearly 66% of respondents said they apply an inside-out security strategy, whereas 35% base their strategy on endpoint protection. Yet spending does not truly align with that stated strategy: more than 67% of IT security resources – including budget and staff time – remain allocated to protecting the network layer, and less than 23% of resources were allocated to protecting core systems like servers, applications and databases.

“Organizations have to get the fundamentals right – which are database security, application security and identity management”, added Davidson.

As for the reason why databases are neglected, a lack of awareness stood out: 44% said they believed that databases were safe because they were installed deep inside the perimeter.

"The results of the survey show that the gap between the threat of severe damage to a database attack versus the resources allocated to protecting the database layer is significant, highlighting the disconnect in how organizations are securing their IT infrastructures," said Tom Schmidt, managing editor at CSO Custom Solutions Group, in announcing the results.
