7 Ways You Give Thieves Dibs On Your Database

Published: 22/11/2024   Category: security



Bad database security habits make life easy for hackers and malicious insiders.



Every new data breach that hits the headlines snowballs the embarrassment for the IT security community, especially because this constant show of follies revolves around recurring themes.
Data breaches tend to happen because organizations make the same mistakes over and over again. These poor practices usually start at the database. Here are some of the ways organizations make it easy for hackers and insiders to gain a one-way pass right into the database's crown jewels.
1. Leaving Database Unpatched
DBAs fear the functions that vendors will break with their latest security updates, but allowing that fear to put the patch cycle into indefinite delay gives even the most unskilled hackers a huge opportunity to steal truckloads of data.
"Some huge holes are getting fixed with each patch, and the exploit code is almost always posted on the Internet for any script kiddie to cut and paste into an attack," said Josh Shaul, chief technology officer for Application Security Inc.
2. Not Seeking Out Rogue Databases
"You can't secure the databases you don't know about," said Patrick Bedwell, vice president of product marketing for Fortinet. And yet he frequently runs across customers that don't maintain inventories of their databases or scan for rogue databases. It's a problem because those databases are out there.
"It is a common practice to install small footprint databases and populate them with production data for development and testing," Bedwell says.
Hackers love it when organizations don't keep track of rogue databases because these are the ones that are most likely to be unpatched, left wide open to attack since the security team hasn't had a pass at them.
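
An added example, not part of the original article: one way to reconcile discovery results against an approved inventory so that unlisted database listeners stand out. It assumes the sweep of your own address space was saved in Nmap's grepable output format and that the inventory is a CSV with host and port columns; every host, owner and the port-to-engine map below is constructed for illustration.

```python
import csv
import io
import re

# Default listener ports (assumption; relocated listeners need service detection).
DB_PORTS = {1433: "mssql", 1521: "oracle", 3306: "mysql", 5432: "postgresql", 27017: "mongodb"}

# Constructed sample: grepable-format sweep results for address space you own.
SCAN = """\
Host: 10.0.1.10 (erp-db)\tPorts: 22/open/tcp//ssh///, 1521/open/tcp//oracle-tns///
Host: 10.0.1.11 (crm-db)\tPorts: 5432/open/tcp//postgresql///
Host: 10.0.7.42 (dev-ws-17)\tPorts: 3306/open/tcp//mysql///, 8080/open/tcp//http-proxy///
Host: 10.0.7.55 ()\tPorts: 1433/filtered/tcp//ms-sql-s///
"""

# Constructed sample: the approved database inventory.
INVENTORY = """\
host,port,owner
10.0.1.10,1521,finance-dba
10.0.1.11,5432,sales-dba
10.0.1.12,1433,hr-dba
"""

def observed_listeners(scan_text):
    """Return {(host, port)} for every open database port in the scan."""
    found = set()
    for line in scan_text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) > 1 and fields[1] == "open" and fields[0].isdigit():
                if int(fields[0]) in DB_PORTS:
                    found.add((m.group(1), int(fields[0])))
    return found

def reconcile(scan_text, inventory_csv):
    """Split listeners into rogue (unlisted), stale (listed but unseen) and known."""
    observed = observed_listeners(scan_text)
    approved = {(r["host"], int(r["port"])) for r in csv.DictReader(io.StringIO(inventory_csv))}
    return {"rogue": sorted(observed - approved),
            "stale": sorted(approved - observed),
            "known": sorted(observed & approved)}

if __name__ == "__main__":
    for status, items in reconcile(SCAN, INVENTORY).items():
        for host, port in items:
            print(f"{status:5} {host}:{port} {DB_PORTS.get(port, '?')}")
```

Entries reported as rogue are the ones to hand to the security team for patching and review first; stale entries point to inventory records that no longer match a reachable listener.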
3. Granting Excessive Privileges
"When time is crunched and resources spread thin, it is very tempting to just blanket the user base with a ton of access privileges and move on," says Noa Bar Yosef, senior security strategist at Imperva. "But all it takes is one user to abuse those privileges to cause a huge problem," she warned.
Read the rest of this article on Dark Reading.
