GreenSQL, a company that SecurityWeek first met earlier this year during the RSA Conference, recently released the results of a poll that included more than 6,000 customers, IT administrators, DBAs, InfoSec practitioners, and consultants. The results, when focused on information security and database security, show that the majority fear SQL Injection vulnerabilities.
The respondents were all in the SMB space, which is where most of the database breaches in 2011 came from, so it is natural that they are hyperaware of the threat. Thus, when 51% of them named SQL Injection attacks as a primary concern, either from external or internal sources, you could almost argue that this was expected.
Perhaps so, but SQL Injection remains the top method used by attackers in order to gain unauthorized access to data, and it has been a major attack vector for years, so awareness in situation is a lot like being close in a game of hand grenades.
In addition to SQL Injection, other data protection concerns expressed by the study’s respondents include internal threats (31%), such as unauthorized access, DBA errors, and data exposure to non-privileged users; and compliance (18%).
“In today’s environment, it isn’t a matter of whether you will be hacked, but when. Cybercriminals recognize that not only enterprises but also SMBs are especially vulnerable,” said GreenSQL CEO, Amir Sadeh.
“Databases contain the crown jewels of an organization, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits, and customer attrition.”