Databases contain one of an organization’s most valuable assets: information. Whether it’s medical records, credit card numbers, phone numbers, addresses or online account credentials, not only is this information essential to the organizations that have it, but protecting it is just as important. The black market has a price for every data type, and in many cases, that price is handsome enough to inspire malicious activity.
It follows logically that database security has to be a top priority for organizations across a number of industries. However, a 2016 study by Imperva shows that the top database security threats have remained overwhelmingly similar to previous years, suggesting it might be time for some organizations to get back to the basics when it comes to database security: best practices, internal controls, and database security solutions.
Confidential consequential
A database is where an organization’s confidential business data is stored, including consumer and employee information. In general, the more important it is for a business to keep information confidential, the more valuable that stolen information is going to be on the black market. That’s where hackers and data miners come in.
While all organizations need to take appropriate and proactive steps to protect their databases, there are some industries that need to be more wary than others. Among the most targeted industries are healthcare, retail, technology, finance, government and education – all industries where data breaches are devastating due to the highly sensitive nature of the information at stake.
The more things change…
What worked for hackers years ago is obviously still working today, so now is the time to learn what can be done to protect against these ongoing threats. The biggest threats are nothing new and they are widely known, which is why following best practices and internal controls, along with implementing database security solutions, is critical to preventing database breaches.
Threat #1: Excessive and unused privileges
What it is: When privilege control mechanisms are not well defined or maintained within an organization, employees may be given privileges that exceed the requirements of their jobs – privileges that are ripe for misuse.
Security steps to take: Identify and classify sensitive data, aggregate access rights, enrich access rights information, identify and remove excessive rights, review individual user rights, deploy real-time alerting and blocking, and detect unusual access activity.
Threat #2: Privilege abuse
What it is: The abuse of legitimate or appropriate privileges for unauthorized purposes.
Security steps to take: Aggregate access rights, enrich access rights information, identify and remove excessive rights, deploy real-time alerting and blocking, and detect unusual access activity.
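The access-rights review steps listed under threats #1 and #2 (aggregate access rights, compare them with what each job actually requires, identify excessive and unused rights) can be turned into a repeatable check. The following is an added example written for this article, not code from Imperva or any product; the role baseline, grants and activity records are constructed sample data, and the 90-day window is an assumed policy value.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumption, not from the article): the privileges
# each job role actually needs, per table.
ROLE_BASELINE = {
    "billing_clerk": {"invoices": {"SELECT", "INSERT"}, "customers": {"SELECT"}},
    "support_agent": {"customers": {"SELECT"}, "tickets": {"SELECT", "UPDATE"}},
}

# Grants as they exist today, already aggregated from direct grants and group
# membership into one view per user (constructed).
GRANTS = {
    "alice": {"role": "billing_clerk",
              "grants": {"invoices": {"SELECT", "INSERT", "DELETE"},
                         "customers": {"SELECT", "UPDATE"},
                         "salaries": {"SELECT"}}},
    "bob": {"role": "support_agent",
            "grants": {"customers": {"SELECT"}, "tickets": {"SELECT", "UPDATE"}}},
}

# Constructed activity records: (user, table, privilege, timestamp).
ACTIVITY = [
    ("alice", "invoices", "SELECT", datetime(2016, 6, 1, 9, 5)),
    ("alice", "invoices", "INSERT", datetime(2016, 6, 1, 9, 6)),
    ("alice", "customers", "SELECT", datetime(2016, 6, 2, 10, 0)),
    ("bob", "tickets", "UPDATE", datetime(2016, 6, 3, 11, 0)),
    ("bob", "customers", "SELECT", datetime(2016, 6, 3, 11, 1)),
]

# Date the review is run (constructed) and the assumed look-back window.
REVIEW_DATE = datetime(2016, 6, 30)
WINDOW_DAYS = 90


def excessive_rights(user):
    """Grants that exceed what the user's role baseline requires."""
    entry = GRANTS[user]
    needed = ROLE_BASELINE[entry["role"]]
    excess = {}
    for table, privs in entry["grants"].items():
        extra = privs - needed.get(table, set())
        if extra:
            excess[table] = extra
    return excess


def unused_rights(user, now=REVIEW_DATE, window_days=WINDOW_DAYS):
    """Granted (table, privilege) pairs not exercised within the window."""
    cutoff = now - timedelta(days=window_days)
    used = {(t, p) for u, t, p, ts in ACTIVITY if u == user and ts >= cutoff}
    granted = {(t, p) for t, privs in GRANTS[user]["grants"].items() for p in privs}
    return granted - used


def review_all(now=REVIEW_DATE):
    """One report per user: rights to remove because they are excessive or unused."""
    return {u: {"excessive": excessive_rights(u), "unused": unused_rights(u, now)}
            for u in GRANTS}


if __name__ == "__main__":
    for user, findings in review_all().items():
        print(user, findings)
```

In the sample data, alice holds DELETE on invoices, UPDATE on customers and SELECT on salaries that her role does not call for, and none of those three has been exercised in the window; both findings point to the same rights, which is the usual outcome of such a review. Bob's only finding is an unused SELECT on tickets, which is within his role and is a candidate for removal only if it stays unused.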
Threat #3: Insufficient web application security
What it is: This year Imperva’s list of top database threats is rolling up SQL Injection (SQLi) and Web Shell attacks into a single threat – insufficient web application security. SQLi is the insertion of malicious statements either into the input fields of web applications, in the case of traditional databases, or into Big Data components in the case of Big Data platforms. Either way the end result is the same: the hacker gains unrestricted access to the database.
Web Shells are backdoors that use web server core functionality, which is normally there to serve remote clients, to give an attacker persistent remote access to the server along with full or limited control over it. A Web Shell attack is therefore a stealthy way of obtaining unauthorized remote access to a server. Once in, the attacker can use the shell’s file browsing capability to find and steal database credentials, then compromise the databases and steal data without detection.
Security steps to take: Scan for vulnerabilities, calculate risk scores, mitigate vulnerabilities, deploy real-time alerting and blocking, detect unusual access activity, and block malicious web requests and activity.
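The SQLi half of threat #3 comes down to how untrusted input reaches the database. The following added example (written for this article, not code from Imperva) puts a string-concatenated query beside its parameterized form against a constructed in-memory SQLite table, so the difference in behaviour on tampered input can be observed directly; the table, rows and inputs are all assumptions.

```python
import sqlite3

# Constructed in-memory database so the example runs offline (assumption).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
    ])
    return conn


def lookup_vulnerable(conn, username):
    # Untrusted input is spliced into the SQL text, so the input can change
    # the structure of the statement rather than just its value.
    sql = "SELECT id, username FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # Parameter binding keeps the statement structure fixed; the input is
    # only ever treated as a string value, never as SQL.
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare():
    """Run both lookups on a normal value and on a constructed tampered value."""
    conn = build_db()
    tampered = "x' OR '1'='1"   # constructed input containing SQL metacharacters
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_parameterized": lookup_parameterized(conn, "alice"),
        "tampered_vulnerable": lookup_vulnerable(conn, tampered),
        "tampered_parameterized": lookup_parameterized(conn, tampered),
    }


if __name__ == "__main__":
    for name, rows in compare().items():
        print(name, rows)
```

Both functions return the single alice row for a normal value. For the tampered value, the concatenated query returns every row in the table, while the parameterized query returns nothing because no user is literally named that string. The fix is not to filter quotes but to stop building statements from input at all.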
Threat #4: Weak audit
What it is: A weak audit is one that does not automatically monitor all relevant database transactions for security and compliance anomalies, or that does not keep detailed audit logs with the contextual details needed to investigate incidents and generate the necessary reports. Failing to monitor for these anomalies and to collect appropriate details of database activity creates a serious risk at multiple levels.
Security steps to take: Automate the monitoring of database and user activity with a Data Audit and Protection (DAP) platform that captures contextual audit logs and simplifies compliance reporting and forensic investigations, and reduce the volume of sensitive data that needs to be monitored by implementing a data masking solution on non-production databases.
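To make the audit step concrete, the following added example (written for this article, not code from any DAP product) runs a few simple anomaly rules over constructed audit log lines and also shows deterministic masking of a sensitive field for a non-production copy. The log format, field names, thresholds, sensitive-table list and role policy are all assumptions.

```python
import hashlib
import re
from datetime import datetime

# Constructed audit log lines in an assumed key=value format; not taken from
# any real database or product.
AUDIT_LOG = """\
2016-06-01T09:05:12 user=alice role=billing_clerk action=SELECT table=invoices rows=12 ip=10.0.1.5
2016-06-01T09:06:40 user=alice role=billing_clerk action=INSERT table=invoices rows=1 ip=10.0.1.5
2016-06-01T23:48:03 user=bob role=support_agent action=SELECT table=customers rows=48000 ip=10.0.1.9
2016-06-02T10:00:10 user=bob role=support_agent action=SELECT table=salaries rows=3 ip=10.0.1.9
2016-06-02T10:01:00 user=carol role=dba action=UPDATE table=customers rows=1 ip=203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) action=(?P<action>\S+) "
    r"table=(?P<table>\S+) rows=(?P<rows>\d+) ip=(?P<ip>\S+)$"
)

# Assumed policy values for the rules below.
SENSITIVE_TABLES = {"salaries"}
ROLES_ALLOWED_ON_SENSITIVE = {"dba", "hr"}
BULK_ROW_THRESHOLD = 10000
INTERNAL_NET_PREFIX = "10.0."
BUSINESS_HOURS = range(8, 19)   # 08:00 to 18:59


def parse(line):
    """Parse one audit line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["rows"] = int(rec["rows"])
    return rec


def detect_anomalies(log_text):
    """Return (kind, ...) alert tuples for every rule a record trips."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            alerts.append(("unparseable", line))
            continue
        if rec["rows"] >= BULK_ROW_THRESHOLD:
            alerts.append(("bulk_read", rec["user"], rec["table"], rec["rows"]))
        if rec["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("off_hours", rec["user"], rec["ts"].isoformat()))
        if rec["table"] in SENSITIVE_TABLES and rec["role"] not in ROLES_ALLOWED_ON_SENSITIVE:
            alerts.append(("sensitive_access", rec["user"], rec["table"]))
        if not rec["ip"].startswith(INTERNAL_NET_PREFIX):
            alerts.append(("external_ip", rec["user"], rec["ip"]))
    return alerts


def mask_value(value, salt):
    """Deterministic pseudonym for a sensitive field in a non-production copy.

    The same input always maps to the same token, so joins and test cases
    still work, but the original value cannot be read back from the copy.
    """
    digest = hashlib.sha256(salt + value.encode("utf-8")).hexdigest()
    return "masked_" + digest[:12]


if __name__ == "__main__":
    for alert in detect_anomalies(AUDIT_LOG):
        print(alert)
    print(mask_value("alice@example.com", b"constructed-salt"))
```

On the sample lines the rules flag bob's late-night 48,000-row read of customers twice (bulk read and off hours), bob's read of salaries as access to a sensitive table outside his role, and carol's update from an address outside the internal network. Each alert carries the user, table, time or address needed to start an investigation, which is exactly the contextual detail a weak audit lacks. The masking helper keeps the salt secret and per environment; without it the tokens could be rebuilt from a list of known values.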
Threat #5: Storage media exposure
What it is: Backup storage media that is left unprotected, making the theft of backup discs and tapes a relatively easy feat for attackers to accomplish.
Security steps to take: Encrypt databases.
The price paid
The true cost of a data breach is something an organization won’t fully realize for years after the breach occurs. The damage incurred by a breach includes the initial loss of sensitive data, brand reputation damage, remediation costs and lawsuits that can go on for years.
In the age of information, database security can be anyone's Achilles heel, and educating ourselves for proper protection can save us immeasurable harm.