Databases are among the most valuable assets in the information system as they store valuable and vital data and records of the business. As such, they are also among the most interested place of intrusion for hackers, attempting to gain access to confidential and sensitive information from within.
California based cyber security solution provider Imperva has been consistently publishing the Top 10 Database Security Threats white paper every year.
From year 2013 until 2015, this top 10 database security threats remained as the same listing, with the same ranking, as below:
- 1. Excessive and Unused Privileges
- 2. Privilege Abuse
- 3. Input Injection (SQL Injection)
- 4. Malware
- 5. Weak Audit Trail
- 6. Storage Media Exposure
- 7. Exploitation of Vulnerabilities and Misconfigured Databases
- 8. Unmanaged Sensitive Data
- 9. Denial of Service (DoS)
- 10. Limited Security Expertise and Education
The white paper outlined a multi-layered database security defence strategy encompassing:
- Discovery and Assessment: to locate where database vulnerabilities and critical data reside.
- User Rights Management: to identify excessive rights over sensitive data.
- Monitoring and Blocking: to protect databases from attacks, unauthorized access, and theft of data.
- Auditing: helps to demonstrate compliance with industry regulations.
- Data Protection: to ensure data integrity and confidentiality.
- Non-Technical Security: to instil and reinforce a culture of security awareness and preparedness.