With data growing at its highest rate ever, cyberattacks and digital warfare are on the rise to get hold of any crucial data. The malicious actors primarily target the data in organizations; if it’s important to you, so it is to them.
Cybercriminals often target databases since they mostly store sensitive data — customer data, financial data, or intellectual property information. Whatever be the type of data, hackers can profit from breaching your organization’s servers and ransacking the databases. In the end, your business will incur losses.
So, it brings us to the question: what’s the solution? How to secure the data in your organization? Or how to secure the databases in your organization?
There are various database security techniques for securing databases. However, you must first understand the issues leading to insecure databases. “According to a new report issued by Dark Reading, there are a number of key security failures that cybercriminals take advantage of. However, it is often the staff of an enterprise — database developers, administrators and the like — who create the environment necessary for attacks to gain access to data,” wrote ZDNet.
That said, let’s discuss the most common issues that sabotage database security. As you’ll see, these issues in database-driven systems may result in any phase — during the database creation phase, deployment phase, or even later.
One of the most common reasons for an insecure database is the negligence during the deployment phase, i.e., when the application or database is finally set up for running in the live environment. So, what issues happen then?
Although functional testing and different types of software testing are usually performed on the to-be-deployed application (including its database), such tests don’t test the security of the database. If the database is doing something that’s non-required or wrong, software testing won’t be able to detect it.
What’s the solution? It’s of utmost importance that you test the to-be-deployed application and database with different types of tests including penetration or security tests. Such tests ensure that there are zero loopholes in the database including a misconfiguration that may be utilized by the attackers.
“The SQL Slammer worm—aka Sapphire or SQL Hell—was only 376 bytes when it appeared on January 25, 2003. Yet Slammer, deemed the fastest computer worm in history, raced around the Internet infecting 90 percent of vulnerable computers within 10 minutes (according to several sources, including Microsoft),” according to ITPro Today. It targeted a vulnerability in Microsoft’s SQL Server that was reported a year ago, but just a few admins patched their systems.
That means, if your database is vulnerable, its doom is inevitable. Also, since the cybercriminals today are fast to develop malware targeting newly discovered vulnerabilities, it’s very crucial to install the patches sooner than later.
What’s the solution? You must check for and install patches regularly in your systems. It’s true for every software — your database, your app libraries, and its underlying operating system. If there is a vulnerability anywhere, attackers may target it to compromise your systems; then, they may attack databases.
Applications are usually prioritized over databases since people assume them as the backend part of the whole system, thus it’s de facto secured from all online threats. However, it’s a common misbelief leading to database hacks.
On the contrary, databases also feature a networking interface, which might be tracked by cybercriminals, allowing them to capture the traffic coming into or going out of the database. This can be used by them to exploit it.
What’s the solution? Database admins should encrypt all traffic of the database using an industry-standard encryption scheme, let’s say SSL or TLS. Encryption directly deals with the security of the data in a database. So, if the attackers try to capture traffic, the database won’t leak data since it’s encrypted.
Among the two broad types of threats, insiders do more harm by stealing data — may be for making a profit or taking revenge. “The report suggests that insiders are also likely to steal archives — including database backups — whether for money, profit or revenge. This is a common problem for the modern enterprise, and businesses should consider encrypting archives to mitigate the insider-risk,” per ZDNet. Moreover, an attacker will steal any possible data after compromising a system — even if the data is an old backup, as was the case with Reddit.
Reddit — the popular news aggregation and discussion website — was hacked in 2018. In the attack, hackers gained access to a variety of data including their source code, internal files, employee files, and more. “Among the compromised information was a 2007 Reddit database backup, which means if you were using the platform back then, your account information from that time—like your email address, username, and password—has been exposed,” according to WIRED.
What’s the solution? You must eliminate the risk of attackers or any disloyal employee stealing data out of your organization. You can encrypt database and file backups, implement industry-proven security standards, and implement an endpoint solution to keep a check on the data handled by the employees.
“The research team says that over the past three years, every database exploit they’ve seen has been based on the misuse of a standard database feature. For example, a hacker can gain access through legitimate credentials before forcing the service to run arbitrary code. Although complex, in many cases, this access was gained through simple flaws that allow such systems to be taken advantage of or bypassed completely,” according to ZDNet. That means, a feature — in its original form — may also be exploited by cybercriminals to attack the database.
Moreover, the set of less-used features or tools usually are the last to get fixes for their vulnerabilities. In some cases, their bugs are not even discovered until it’s too late, i.e., less-used features or tools present more security risks.
What’s the solution? The surface area of possible attacks must be minimized by removing less-used or unnecessary features and tools. They may or may not have vulnerabilities, but if you don’t use them, it’s best to disable them. Then, the database will also get simpler for testing, finding, and fixing the bugs.
That’s all about the most common issues that sabotage database security. At the least, you must follow the above solutions to improve the security of the data in your organization. Also, follow the industry’s best standards like PCI DSS.
Credit: Data Science Central By: Evan Morris
