Database Journal

Posted June 13, 2014

Database Monitoring Key to Reducing Security Breaches

By Nathan Eddy

Continuous monitoring of database networks is the best approach to avoid breaches such as the high-profile attacks against Target, Michaels and other U.S. retailers, according to a study by privacy and information security research firm Ponemon Institute and DB Networks, a specialist in behavioral analysis in database security.

The survey found more than half (57 percent) of respondents believed that the attacks against the U.S. retailers involved SQL injection as one of the components of the attacks.

The study analyzed responses from 595 IT security experts in the United States working across a broad spectrum of industries and also the public sector.

"It's well known that database breaches, including these high-profile attacks against the retailers, are devastating to merchants in terms of lost sales and damage to their reputation," Brett Helm, chairman and CEO of DB Networks, said in a statement. "This study sheds additional light on the likely attack chain so that all retailers can now be more prepared in the future."

Nearly two-thirds of respondents (64 percent) felt that their organization presently does not have the technology or tools to quickly detect SQL injection database attacks.

Perhaps more worrying is the revelation that just one-third of respondents either scan continuously or daily for active databases. However, 25 percent reported they scan irregularly and 22 percent do not scan at all.

"While details of the recent retailers breach haven't yet been fully disclosed by the retailers who were breached or the U.S. Secret Service in charge of breach investigations, this study offers some interesting industry insight into these events from IT security professionals and experts familiar with PCI DSS," Larry Ponemon, founder and chairman of the Ponemon Institute, said in a statement.

While most respondents believed that the attacks against the retailers' databases involved SQL injection, almost half of the respondents also said the SQL injection threat facing their own organization is very significant.

Only 48 percent of respondents indicated that they test or validate third-party software to ensure it's not vulnerable to SQL injection, although 44 percent said they utilize professional penetration testers to identify vulnerabilities in their IT systems.

However, 65 percent of those penetration tests do not include testing for SQL injection vulnerabilities, the report pointed out.

Although initial reports suggested a Russian teenager was the perpetrator of the Target breach, half the survey respondents felt that it was actually the work of a cyber-criminal syndicate.

Only 15 percent responded that a lone wolf hacker was the likely culprit, while 11 percent responded that nation-state actors were likely responsible.

Originally published on eWeek.
