With every passing year, cybersecurity attacks seem to be getting more brazen, intense and damaging. From enormous botnets that bring down the most popular websites in the world to government-sponsored hackers that seek to influence the result of an election in a rival country.
The danger of cyber attacks is further compounded by the rise of the Internet of Things (IoT). From the couple of billion devices connected to the Internet today, experts project at least tens of billions of gadgets will be plugged into the IoT within the next decade.
While there are numerous potential targets of a cyber attack, most hackers will focus on penetrating corporate databases. And with good reason—this is the place they are likely to get the highest payoff if their attack is successful.
The database contains the most sensitive information such as customer details, transaction histories, employee records, company financials, intellectual property, and corporate secrets. Keeping your company’s database secure is therefore vital. It all begins with knowing what the biggest threats are.
1.Poor Password Management
User IDs and passwords are the first and main barrier to an unauthorized person gaining access into your databases. Ergo, if your passwords aren’t strong enough or secured enough, you risk giving unfettered front door entry into your database. Though the average adult now knows what good password management involves, a surprising number of users and organizations have low standards for password protection.
A good password should have a mix of lower case letters, upper case letters, numbers, and special characters. A password should expire after 3 to 6 months and when it does, shouldn’t be reused for at least one year. Passwords should never be written down.
2.Unnecessary User Privileges
Database users should have rights assigned to them based on the principle of least privilege. Unfortunately, it isn’t unusual for system administrators to grant employees or third parties more privileges than they need to perform their work. Sometimes these are privileges that were meant to last for just a couple of weeks as part of a project role the user had been assigned but administrators subsequently forgot to revoke them.
Excessive privileges may be abused by the user. A hacker would also have more power than they otherwise would have if they were to hijack the account. System and database administrators should work closely with the human resources department to ensure user rights are consistent with the least privilege principle and that they only have the privileges they need. Regularly conduct a database audit to confirm that each user’s current privileges are required.
3.Inadequate Data Segregation
Your database likely contains a wide range of data of varying degrees of importance and sensitivity. Therefore, you cannot treat all the information in the database the exact same way. Data that is highly sensitive should receive a higher degree of protection.
You should classify all the data into different levels of sensitivity, then limit access to the most sensitive information to only a small group of authorized persons. You should be especially careful with the information third-party contractors can see when you give them temporary system access. Overall, no user should see data that they don’t need.
4.Absent or Inconsistent Patching
Each year, hundreds of database vulnerabilities are discovered. To seal these loopholes, software development companies will regularly release updates. If you do not apply these patches to your database and servers when they are released, you leave your systems vulnerable to a wide range of known weaknesses.
Remember, the average hacker usually doesn’t have the time to discover new loopholes. They’ll instead find out what database version you are running then search the web for the vulnerabilities associated with that version. They’ll subsequently seek to exploit these proven vulnerabilities. If your database doesn’t have the latest patches applied, you are at greater risk of attack and exploitation.
These are the main reasons databases become insecure. Others include poor audit trail monitoring, inadequate backups, unencrypted data, and human error. Understanding these weak points is vital in ensuring your database is secure and stable at all times.