According to the 2015 Global Cost of Data Breach Study from Ponemon Institute, the total cost of a breach is $3.8 million, up 23% since 2013. That’s a staggering amount when you consider databases are one of the most compromised assets according to the 2014 Verizon Data Breach Report. You’d think that with the billions of dollars spent on security, more would actually go to the most compromised asset within your environment.
So why are databases so often targeted?
They are at the heart of any organization, storing customer records and other confidential business data.
Between insider access privileges and outside vulnerabilities, databases are seen as low-hanging fruit in the eyes of hackers. Organizations simply aren’t doing enough to protect their crucial assets from the numerous possible points of entry.
Data breaches have real-world consequences for not only companies, but also consumers.
The 2015 Ponemon Study goes on to say that the average cost per record breached is $154. For healthcare organizations, the cost per record breached is even higher: $363. What’s behind these costs? 47% of breaches are malicious attacks, which cost more to remediate. The costs due to lost business are higher: churn rates following a breach are 3.3%, as stated by the Ponemon Study.
According to that same study, organizations have a 22% chance of a security breach happening to them in the next 24 months.
To make matters worse, Ponemon’s 2014 Cost of Data Breach Study stated that for 30% of data breach incidents, the main root cause was classified as the “human factor” – in other words, a negligent employee or contractor.
So how can you mitigate a potential threat before it happens? Some say a good offense is a good defense. Here are the top ten ways to defend against the most common database threats:
1. Define job roles and limit access privileges to the extent of the specific job. When someone is granted database privileges that exceed the requirements of their job function, these privileges can be abused. Be sure to limit their access.
2. Establish rules and regulations that define employee access to data. Also define the actions that can lead to termination or even criminal charges. Why? Because users may abuse legitimate database privileges for unauthorized purposes.
3. Apply one of three primary defenses for preventing SQL Injection flaws: (1) use of Prepared Statements (Parameterized Queries), (2) use of Stored Procedures, (3) escaping all User Supplied Input. Get further details on these defenses and how to apply them.
4. Put a malware prevention and policy plan in place so employees understand the consequences of clicking on phishing emails and downloads from unverified sources.
5. Stay compliant with industry and government regulatory requirements. Automated recording of database transactions involving sensitive data should be part of any database deployment to prevent a weak audit trail.
6. Audit and monitor activities of administrators who have low-level access to sensitive data. Take appropriate steps to protect backup copies in case of storage media exposure. Even high-level employees can pose risks, so be sure data security best practices are known and enforced.
7. Look for vulnerable, unpatched databases that still have default accounts and configuration parameters, and change those defaults to reduce the risk of exploitation. Remember to stay on top of critical updates and apply them.
8. Ensure an accurate inventory of your databases and the critical data objects contained within them.
9. Have a reliable failover system in place so your most valued customers can still access data in the event of a Denial of Service (DoS) attack. This type of attack usually targets network applications or data, which is then denied to intended users. It oftentimes leads to extortion.
10. Keep pace with data growth and implement internal security controls by ensuring you have an environment that’s equipped to deal with legacy storage and performance challenges.
Many times, IT teams lack the time or resources to implement security controls, enforce policies, or conduct incident response processes. However, making these ten strategies a priority will enable you to recognize when you’re vulnerable or being attacked, and ensure that your most valuable assets are protected.