Almost half of all on-premises databases globally contain known and addressable security vulnerabilities, more than half of which have been classified as high or critical severity, according to a new survey.
Conducted over five years by cybersecurity vendor Imperva, the survey analyzed approximately 27,000 databases, finding that 46% contained vulnerabilities with an average of 26 vulnerabilities per database.
“Too often, organizations neglect database security because it relies on native security offerings or outdated processes. While we continue to see a major shift towards cloud databases, the disturbing reality is that most organizations rely on on-premises databases to store their most sensitive data,” observed Elad Erez, Director of Imperva’s innovation.
Erez adds that due to the large number of vulnerable on-premises databases, it shouldn’t be surprising that there is an increase in the number of reported breaches.
Lack of security awareness
The regional analysis reveals that France comes first, with 84% of databases vulnerable and an average of 72 vulnerabilities per database. The UK comes in fourth, with 61% of databases vulnerable and an average of 37 vulnerabilities per database.
Imperva argues that since the majority of digitized databases process some of the most sensitive data, including that related to financial transactions, leaving them vulnerable to cyberattacks is a risky proposition not only for the organization, but also for its customers.
“Whether it’s because of the perceived difficulty in patching these vulnerabilities, or even not knowing how exposed databases are, organizations are simply making it easier for attackers,” says Imperva.
And since the real problem is a lack of security awareness, the company suggests that there is no guarantee that the move to the cloud will make things better, as it could just mean that companies are trading one set of mistakes for another.
Instead, Erez suggests that businesses should respond by designing a comprehensive security strategy that revolves around protecting data, wherever it exists.