A breach in your organizations database security can be disastrous. It could cost your organization millions. It could cause sensitive information to be leaked. It can lose your company the trust of its customers, and ultimately, its reputation.
But despite its importance, database security is not receiving the attention it deserves. According to a report from Osterman Research and DB Networks entitled Identifying Critical Gaps in Database Security, a whopping 47% of the organizations represented in the survey did not have someone overseeing database security.
39% of the companies did not even have an option to monitor their database in real time, allowing potential hackers plenty of time to work on the database before anyone in the company is alerted.
Furthermore, only 19% of the respondents considered their data and database visibility to be “excellent.” More than half (59%) did not know for certain which users, clients, or applications had access to their database and 46% were unsure about whether their restricted processing segments were properly segmented or not.
When asked to describe the biggest concerns they have for their databases, 50% of respondents stressed compromised credentials as being their greatest risk, and 47% said that the inability to identify breaches until it is too late is what concerns them the most.
In addition, 44% mentioned a compromised or abused credential that is used to breach critical databases, and 31% commented on the dwell time of infiltrations into the network, with 48% admitting to experiencing a serious data breach. That is an alarming segment of the 209 employees that were surveyed.
When asked what would happen if a breach through compromised credentials would actually occur, 39% said that they would not know because they had no detection tools in place to become aware of this type of database breach.
In fact, only 21% said that they would be able to discover a breach from compromised credentials immediately, while 34% said it would take a day, and 18% said that they would need a week to sort it out. The remainder of the respondents thought that they would need at least a month or longer.
The overall trend is showing that more and more companies are becoming aware of the database security problem and acting on it. Yet, this clearly still has a long way to go.
Although many respondents acknowledged the vulnerability of their database security, only a small percentage actually were committed to performing regular assessments. This is a trend that needs to change, and quickly.
Michael Osterman, the president of Osterman Research, had this to say about the issue:
“Identifying compromised database credentials and insider threats will likely receive far more investment in the future. And it is likely that the actual rate of successful infiltration or other leakage events may be higher than discussed in this report due to inadequate organizational systems for tracking successful threats.”
As it stands, the world of database security has a long way to go before companies can feel truly secure about the safety of their data and databases. There is so much more that organizations and corporations can be doing to ensure their customers’ personal information is secure, that their company’s confidential data is seen only by the eyes that should be seeing it. Because after all, database security can never truly be taken seriously enough.