A survey of more than six thousand IT administrators, DBAs, data security professionals and consultants about their most critical database security concerns found that the respondents’ primary concerns were: SQL injection attacks from internal and external users (51 percent); internal threats, including unauthorised database access, database administrator errors, and data exposure to non-privileged internal users (31 percent); and regulatory compliance (18 percent).
“In today’s environment, it isn’t a matter of whether you will be hacked, but when. Cybercriminals recognise that not only enterprises but also SMBs are especially vulnerable,” said Amir Sadeh, CEO of GreenSQL, the research’s sponsor. “Databases contain the crown jewels of an organisation, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits, and customer attrition.”
Cybercriminals use SQL injection to target both external websites and internal databases when seeking data for identity theft and other profitable black market activities. Public websites serving as the face of an organisation are known to be vulnerable to SQL injection attacks, but so are internal collaborative sites, as shown by the recent assault on the internal Nokia developer application.
Internal data security leaks let corporate data get into the wrong hands. While developers, administrators, and customer service representatives all need data access, they should have different access privileges. In addition, true data protection covers threats from both employee theft and error. Coordinating database access control and command permissions can significantly reduce data loss from errors while lowering the cost to repair any that remain.