Security Experts:

SQL Injection Named Top Database Concern for SMBs in Recent Survey

GreenSQL, a company that SecurityWeek first met earlier this year during the RSA Conference, recently released the results of a poll that included more than 6,000 customers, IT administrators, DBAs, InfoSec practitioners, and consultants. The results, when focused on information security and database security, show that the majority fear SQL Injection vulnerabilities.

The respondents were all in the SMB space, which is where most of the database breaches in 2011 came from, so it is natural that they are hyperaware of the threat. Thus, when 51% of them named SQL Injection attacks as a primary concern, either from external or internal sources, you could almost argue that this was expected.

Perhaps so, but SQL Injection remains the top method used by attackers in order to gain unauthorized access to data, and it has been a major attack vector for years, so awareness in situation is a lot like being close in a game of hand grenades.

In addition to SQL Injection, other data protection concerns expressed by the study’s respondents include internal threats (31%), such as unauthorized access, DBA errors, and data exposure to non-privileged users; and compliance (18%).

“In today’s environment, it isn’t a matter of whether you will be hacked, but when. Cybercriminals recognize that not only enterprises but also SMBs are especially vulnerable,” said GreenSQL CEO, Amir Sadeh.

“Databases contain the crown jewels of an organization, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits, and customer attrition.”

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.