According to research, 46 percent of all on-premises databases are vulnerable to cyberattacks.
The average database contains 26 existing vulnerabilities, according to research by Imperva, a five-year longitudinal study of roughly 27,000 scanned databases.
According to the National Institute of Standards and Technology (NIST), 56 percent of the Common Vulnerabilities and Exposures (CVEs) discovered were ranked as ‘High’ or ‘Critical’ severity. This suggests that several businesses do not place a high priority on data security and do not perform routine patching. According to Imperva scans, certain CVEs have been unpatched for three or more years.
Elad Erez, Chief Innovation Officer, Imperva, said, “While organizations stress publicly how much they invest in security, our extensive research shows that most are failing.
“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data.
“Given that nearly one out of two on-prem databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will grow too.”
Significant Differences Exist between Countries
Regional analysis reveals significant differences between countries: France (84 percent), Australia (65 percent), and Singapore (64 percent) have substantially higher incidences of insecure databases.
In countries like Germany and Mexico, the number of insecure databases is relatively low, but the databases that are vulnerable have far more exploitable flaws than the average.
Large Opportunities for Hackers
The unparalleled number of database flaws provides attackers with a huge field of opportunity. According to another report released earlier this year, the frequency of data breaches is increasing by 30 percent yearly, while the quantity of records affected is increasing by 224 percent.
For databases that are not publicly accessible, attackers can employ a variety of techniques, such as SQL injection (SQLi), to exploit vulnerabilities in web applications that are connected to the database. This is still a significant business threat, as roughly half of all breaches in recent years have originated at the application layer.
The threat is considerably larger when it comes to public databases, because exploiting them involves even less effort. Attackers can use tools like Shodan to look for weak targets and acquire exploit code from repositories like ExploitDB, which host hundreds of proof-of-concept (PoC) exploits. Since the database has a public IP address, the attacker can run the exploit from anywhere.
Data Leakage Incidents Are Being Fueled by Vulnerabilities in On-Premises Databases
Given the astonishing number of vulnerabilities in on-premises databases, it should come as no surprise that data leakage incidents have climbed 15 percent on average over the last 12 months. According to an analysis of data breaches conducted since 2017, personal data accounts for 74 percent of the data stolen in a breach, with login passwords (15 percent) and credit card details (10 percent) also being lucrative targets.