
5 Common Issues that Wreck Database Security and How to Solve them

October 18, 2019
in Data Science

With data growing at its highest rate ever, cyberattacks and digital warfare aimed at getting hold of crucial data are on the rise. Malicious actors primarily target the data in organizations; if it’s important to you, it’s important to them too.

Cybercriminals often target databases because databases mostly store sensitive data: customer data, financial data, or intellectual property. Whatever the type of data, hackers can profit from breaching your organization’s servers and ransacking the databases. In the end, your business will incur losses.

So, it brings us to the question: what’s the solution? How do you secure the data, and the databases, in your organization?

There are various techniques for securing databases. However, you must first understand the issues that lead to insecure databases. “According to a new report issued by Dark Reading, there are a number of key security failures that cybercriminals take advantage of. However, it is often the staff of an enterprise — database developers, administrators and the like — who create the environment necessary for attacks to gain access to data,” wrote ZDNet.

That said, let’s discuss the most common issues that sabotage database security. As you’ll see, these issues in database-driven systems may arise in any phase: during database creation, during deployment, or even later.

One of the most common reasons for an insecure database is negligence during the deployment phase, i.e., when the application or database is finally set up to run in the live environment. So, what issues happen then?

Although functional testing and other types of software testing are usually performed on the to-be-deployed application (including its database), such tests don’t test the security of the database. If the database is doing something unnecessary or wrong, such testing won’t detect it.

What’s the solution? It’s of utmost importance that you test the to-be-deployed application and database with different types of tests, including penetration or security tests. Such tests help ensure that the database has no loopholes, including misconfigurations that attackers could exploit.

“The SQL Slammer worm—aka Sapphire or SQL Hell—was only 376 bytes when it appeared on January 25, 2003. Yet Slammer, deemed the fastest computer worm in history, raced around the Internet infecting 90 percent of vulnerable computers within 10 minutes (according to several sources, including Microsoft),” according to ITPro Today. It targeted a vulnerability in Microsoft’s SQL Server that had been reported a year earlier, but only a few admins had patched their systems.

That means, if your database is vulnerable, its doom is inevitable. Also, since cybercriminals today are quick to develop malware targeting newly discovered vulnerabilities, it’s crucial to install patches sooner rather than later.

What’s the solution? You must check for and install patches regularly on your systems. This applies to all software: your database, your app libraries, and the underlying operating system. If there is a vulnerability anywhere, attackers may target it to compromise your systems; then, they may attack the databases.

Applications are usually prioritized over databases because people assume that the database, as the backend part of the whole system, is de facto secured from all online threats. However, this is a common misbelief that leads to database hacks.

On the contrary, databases also expose a network interface, which cybercriminals may monitor to capture the traffic coming into or going out of the database. They can then use that traffic to exploit it.

What’s the solution? Database admins should encrypt all database traffic using an industry-standard encryption scheme, let’s say SSL or TLS. Encryption directly protects the data in transit to and from the database. So, if attackers capture the traffic, it won’t leak data since it’s encrypted.
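As an added example (not part of the original article), the following script checks whether a database server is configured to accept unencrypted client connections. It assumes PostgreSQL, which the article does not name; the two sample configuration files are constructed for illustration, and the function names `parse_conf` and `audit` are hypothetical.

```python
import re
import shlex

# Constructed sample files with deliberately weak settings.
SAMPLE_CONF = """\
# postgresql.conf (constructed sample)
listen_addresses = '*'
ssl = off
#ssl_min_protocol_version = 'TLSv1.2'
"""

SAMPLE_HBA = """\
# pg_hba.conf (constructed sample)
local     all  all                   peer
host      all  all     127.0.0.1/32  scram-sha-256
host      all  app     10.0.0.0/8    md5
hostssl   all  dba     10.0.5.0/24   scram-sha-256
hostnossl all  legacy  10.0.9.7/32   md5
"""

LOOPBACK = ("127.0.0.1/32", "::1/128")

def parse_conf(text):
    """Return {name: value} for the uncommented settings in postgresql.conf."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=?\s*'?([^'#]*)", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings

def audit(conf_text, hba_text):
    """List settings that let client traffic cross the network in cleartext."""
    findings = []
    # 'ssl' defaults to off, so a missing setting is also a finding.
    if parse_conf(conf_text).get("ssl", "off").lower() not in ("on", "true", "yes", "1"):
        findings.append("postgresql.conf: ssl is not enabled")
    for n, line in enumerate(hba_text.splitlines(), 1):
        fields = shlex.split(line, comments=True)
        # 'host' matches TLS and non-TLS clients; 'hostnossl' only non-TLS ones.
        if len(fields) < 4 or fields[0] not in ("host", "hostnossl"):
            continue  # 'local' sockets and 'hostssl' rules are fine
        if fields[3] in LOOPBACK:
            continue  # loopback traffic never leaves the machine
        findings.append(f"pg_hba.conf:{n}: '{fields[0]}' rule for "
                        f"{fields[3]} permits cleartext connections")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_HBA):
        print(finding)
```

The corrected configuration sets `ssl = on` and uses `hostssl` for every rule that covers a non-loopback address, at which point the audit reports nothing.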

Of the two broad types of threats, insiders do more harm by stealing data, perhaps to make a profit or take revenge. “The report suggests that insiders are also likely to steal archives — including database backups — whether for money, profit or revenge. This is a common problem for the modern enterprise, and businesses should consider encrypting archives to mitigate the insider-risk,” per ZDNet. Moreover, an attacker will steal any possible data after compromising a system, even if the data is an old backup, as was the case with Reddit.

Reddit, the popular news aggregation and discussion website, was hacked in 2018. In the attack, hackers gained access to a variety of data including its source code, internal files, employee files, and more. “Among the compromised information was a 2007 Reddit database backup, which means if you were using the platform back then, your account information from that time—like your email address, username, and password—has been exposed,” according to WIRED.

What’s the solution? You must eliminate the risk of attackers or any disloyal employee stealing data out of your organization. You can encrypt database and file backups, implement industry-proven security standards, and implement an endpoint solution to keep a check on the data handled by the employees.

“The research team says that over the past three years, every database exploit they’ve seen has been based on the misuse of a standard database feature. For example, a hacker can gain access through legitimate credentials before forcing the service to run arbitrary code. Although complex, in many cases, this access was gained through simple flaws that allow such systems to be taken advantage of or bypassed completely,” according to ZDNet. That means a feature, even in its original form, may be exploited by cybercriminals to attack the database.

Moreover, less-used features and tools are usually the last to get fixes for their vulnerabilities. In some cases, their bugs are not even discovered until it’s too late. In other words, less-used features and tools present more security risks.

What’s the solution? Minimize the attack surface by removing less-used or unnecessary features and tools. They may or may not have vulnerabilities, but if you don’t use them, it’s best to disable them. The database then also becomes simpler to test, and its bugs become easier to find and fix.

That’s all about the most common issues that sabotage database security. At the very least, you must follow the above solutions to improve the security of the data in your organization. Also, follow the industry’s best standards, such as PCI DSS.


Credit: Data Science Central By: Evan Morris
