A five-year longitudinal study of specific global databases has concluded that more needs to be done to secure data.
Threat intelligence research reported by one cybersecurity firm has indicated that 46% of all on-premises databases studied were vulnerable to attack.
A five-year longitudinal study conducted by Imperva Research Labs, comprising around 27,000 scanned databases, discovered that the average database contained 26 existing vulnerabilities.
In the study, 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ in severity, aligned with the National Institute of Standards and Technology (NIST) guidelines. Some CVEs had been unaddressed for three or more years.
Regional analysis uncovered significant disparities between nations, with countries such as France (84%), Australia (65%) and Singapore (64%) having much higher incidents of insecure databases.
For countries such as Germany and Mexico, while the number of insecure databases was relatively low, those that are vulnerable were well above the average when it came to the number of vulnerabilities capable of exploitation.
Said the firm’s Chief Innovation Officer, Elad Erez: “Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data. Given that nearly one out of two on-prem databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will grow too.”
Other findings include:
- According to Imperva’s own data, the number of data breaches grew by 30% annually while the number of records compromised increased by an average of 224%.
- In terms of the percentage of on-prem databases with at least one known vulnerability, Australia, Singapore, China and Japan ranked well above the global average of 39%. These regional countries had half or more of their databases vulnerable.
- Australia had the region’s highest incidence of vulnerable databases, at 65%. This was also the second highest on the study, just behind France. Singapore had an average of 62 vulnerabilities per database, more than triple that of Australia.
- For non-publicly accessible databases, attackers can use a range of tools such as SQL injections (SQLi) to exploit vulnerabilities in web applications that are connected to a database. This remains a consistent business threat as nearly 50% of breaches studied by Imperva in the past several years originated at the application layer.
- When it comes to public databases, the threat is even greater as exploiting them requires even less effort. Attackers can search for vulnerable targets through tools such as Shodan and acquire exploit code through repositories like ExploitDB which hold hundreds of points of compromise (POC) codes. From there, the attacker can run the exploit from anywhere since the database has a public IP address.
- Given the staggering number of vulnerabilities that exist in on-premises databases, the studies sample group showed the number of data leakage incidents had increased 15% over a 12-month average. Analysis of its own data breach data since 2017 shows that 74% of the data stolen in a breach was personal data, while login credentials (15%) and credit card details (10%) were also lucrative targets.
Erez noted that: “Organizations are making it too easy for the bad guys. The explosive growth in data breaches is evidence that organizations are not investing enough time or resources to truly secure their data. The answer is to build a security strategy that puts the protection of data at the center of everything.”
|Country||% of databases with at least one known vulnerability||Average number of vulnerabilities per database|
|Peer country average||39%||56|