Almost Half of Databases Are Vulnerable to Attack

According to a five-year study by California-based security firm Imperva Inc., 46 percent of all global on-premises databases have existing flaws that can be leveraged by outside attackers.

The study scanned 27,000 databases over a five-year period and found that the average database contains 26 vulnerabilities.

Geographically, the security firm's analysis branch, Imperva Research Labs, found that France was lagging behind other countries, with 84 percent of its databases having at least one vulnerability and an average of 72 vulnerabilities per database. Australia was the next biggest offender, with 65 percent of databases vulnerable and 20 vulnerabilities per database, followed by Singapore at 65 percent and 62 vulnerabilities.

The good news for the United States was that, as a whole, stateside organizations did fall below the global average, with 37 percent of vulnerable databases and an average of 25 vulnerabilities per database.

The safest nations when it comes to on-premises servers were Mexico (19 percent and an average of 70 vulnerabilities per database), Germany (19 percent and an average of 64 vulnerabilities per database) and Brazil (19 percent and an average of 14 vulnerabilities per database).

Looking at the threats involved, Imperva found that 56 percent of CVEs (Common Vulnerabilities and Exposures) were categorized at severity levels of "high" or "critical," and that many of the vulnerabilities observed were more than three years old. According to the security firm, this points to an issue where many IT teams are not prioritizing routine device patching.

"Too often, organizations overlook database security because they're relying on native security offerings or outdated processes," said Elad Erez, Chief Innovation Officer at Imperva. "Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data."

Erez goes on to say that as long as physical databases continue to be implemented and patching practices continue to be lax, the number and scope of data breach incidents will continue to grow. In fact, just in the last 12 months, data leak incidents have increased by 15 percent, according to Imperva's analysis.

To put it in perspective, 2017 recorded 488 data breaches, resulting in 826,526,181 compromised records. In 2020, that ballooned to 1,120 breaches, with 20,212,424,547 records being compromised.

And with these unpatched vulnerabilities, that looks to increase. According to the firm, nearly 50 percent of all reported breaches occurred with an attack (typically phishing or malware) at the application level.

The simple solution: Increase your enterprise's overall focus on security and make sure routine patching is just that -- routine.

"The explosive growth in data breaches is evidence that organizations are not investing enough time or resources to truly secure their data," said Erez. "The answer is to build a security strategy that puts the protection of data at the center of everything."

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

