Thursday, October 6, 2016

Top 10 database security threats

Databases are among the most valuable assets in an information system, as they store the vital data and records of the business. As such, they are also among the most attractive targets for hackers attempting to gain access to the confidential and sensitive information held within them.

California-based cyber security solution provider Imperva has been consistently publishing its Top 10 Database Security Threats white paper every year.

From 2013 until 2015, the top 10 database security threats remained the same list, with the same ranking, as below:
  1. Excessive and Unused Privileges
  2. Privilege Abuse
  3. Input Injection (SQL Injection)
  4. Malware
  5. Weak Audit Trail
  6. Storage Media Exposure
  7. Exploitation of Vulnerabilities and Misconfigured Databases
  8. Unmanaged Sensitive Data
  9. Denial of Service (DoS)
  10. Limited Security Expertise and Education
According to Imperva, the top 9 threats above can be addressed by using an automated Database Auditing and Protection (DAP) platform, an approach that improves security, simplifies compliance, and increases operational efficiency. The 10th threat is the "human factor": negligent employees or contractors.

The white paper outlined a multi-layered database security defence strategy encompassing:
  • Discovery and Assessment: to locate where database vulnerabilities and critical data reside.
  • User Rights Management: to identify excessive rights over sensitive data.
  • Monitoring and Blocking: to protect databases from attacks, unauthorized access, and theft of data.
  • Auditing: to help demonstrate compliance with industry regulations.
  • Data Protection: to ensure data integrity and confidentiality.
  • Non-Technical Security: to instil and reinforce a culture of security awareness and preparedness.
"Failing to safeguard databases that store sensitive data can cripple your operations, result in regulatory violations, and destroy your brand. Understanding the top database threats and implementing the solutions outlined in this paper will enable you to recognize when you’re vulnerable or being attacked, maintain security best practices, and ensure that your most valuable assets are protected." -- Imperva, 2015

You can download the complete white paper to find out more details about this interesting defence strategy.