Databases should be more secure and require high level administration


The most sensitive part in a company's network is its database, where all the customer credentials are stored. Unfortunately, it is being neglected and thus making it a target for hackers. Read on to know how can a company's database is targeted and crashed? How to protect your database from hackers?

In my last article I wrote on security threat for Small and Medium scale businesses and this article is going to describe the Database security and vulnerabilities in Database management. Count of businesses and corporate networks are multiplying every year and at the same rate the cyber attacks too. The main targets of attackers are the databases where are the sensitive and confidential information is locked up. Actually why should we really consider database's security? Recently a gang of hackers in February emptied $45 million from ATMs in $2,000 increments. However, they were arrested by police in their second attempt. All this happened by altering the transaction limits and making duplicate cards using credentials in bank's database. Also, according to a report of info security magazine, 20 million user identities of Yahoo Japan might have been stolen. The easiest point of accessing should be the database where security levels are poor without proper management.

Why your Database can be a target?


Contingency Plans implemented by Companies
Attackers may attack a server even if they get no financial benefit from the information locked inside it. For example, your database may even be attacked or crashed even if it doesn't contain any credentials. Attackers simply make a DoS attack and flood your servers where these attacks consume maximum resources or bandwidth and become unavailable for the users who really deserve it. How can this benefit the hackers? Why not? They may blackmail you to pay in exchange for uplifting you from the attack. If at all your company's database is sensitive with customer credentials and account details, they may order a payment so that they wouldn't expose them. These kinds of attacks are common and a few months earlier even some most popular web hosts like HostGator.ch (Switzerland) faced one such attack. Of course, in majority of the cases no company makes a deal with hackers because they may lose customers for whom privacy is a major concern.

Phishing has become a major weapon for attacker to target mainly either a new company or an SMB. The probability of clicking a spear phished email increases with the increase in count of such mails. Even if an employee clicks such mail without knowing its vulnerability that could lead the entire database into attacker's hands. It is the primary security reason why many companies do not encourage BYOD (Bring Your Own Device). Employee access the company's network while he is at work using his device and he need not return the device in BYOD policy. The organisation's data and applications still may be present in his device and might be misused if that particular device is lost or stolen. Therefore it is a big challenge for companies to differentiate which information is really sensitive and who among the employees should be given access. Never underestimate that you are too small to be a target, because spying campaigns range from large high profile companies to individuals. Targets may not be specifically from hackers, due to the increase in competition, your competitors may try to steal your personal data. Verizon says that "who wants my info?" is a better question than "Am I a target of hackers?" This may increase your attention on your security levels and makes you implement better security levels. Most of the attacks i.e. approximately around 70 percent are being detected by outsiders but not the attacked company. This indicates the worst situation of security levels in organisations.

How can you make database more secure?


Several companies just deploy a new database and neglect installing security patches from time to time. Of course, it's a bit time taking process that testing patches but, what if they fall prey to an attacker? To overcome this effort, automated testing processes are being designed to let your database free from trouble. So, regular patching can keep our database more secure. Data leakage is a major loophole where database managers neglect that their network is secure from internet. It is quite easy for an attacker to interfere into the network interface to grab your data.

Enabling certificates like SSL (Secure Socket Layer) makes it difficult for a hacktivist to breach into your network since all the data is encrypted. Also, Transport Layer Security can be deployed for encryption and many are available in open source platform. Fact is that SQL injection is the main threat for databases since ten years. Also companies can use DAM (Database Activity Monitoring) technology that monitors your database in real time and blocks unwanted activities. But most of the companies with sensitive databases rely on Web Application Firewalls to block SQL injections and malicious traffic. But experts consider BAM and its extension DAMP as more secure tools than those Firewalls. No matter the sensitivity of information locked up in your database, you should get it secure from all types of web application, insider and phishing attacks and thus you can offer better, reliable and safer service to your customers.

Read


Comments

No responses found. Be the first to comment...


  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name:
    Email: