On-premise databases a huge cybersecurity blind spot, finds research

Firms putting customer data at risk

Posted 14 September 2021 by Christine Horton

Almost half (46 percent) of all on-premise databases worldwide contain known, addressable vulnerabilities – with more than half (56 percent) of those classed as high or critical severity.

That’s according to new research by cybersecurity firm Imperva.

The five-year study of almost 27,000 databases found that 46 percent worldwide contain vulnerabilities, with an average of 26 per database. With these databases dealing with the most sensitive data organisations possess – for instance, processing financial transactions – there’s a real risk that businesses are, knowingly or not, putting their and their customers’ data at risk.

The findings indicate that many organizations are not prioritising the security of their data and are neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years.

The UK performs worse than average – 61 percent of UK databases contain vulnerabilities, with an average of 37 per database. However, France racked up the highest figure at 84 percent.

“While organisations stress publicly how much they invest in security, our extensive research shows that most are failing,” said Elad Erez, CIO, Imperva. “Too often, organisations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data. Given that nearly one out of two on-prem databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will grow too.”

Increased number of breaches

A separate study by Imperva Research Labs earlier this year found that the number of data breaches is growing by 30 percent annually while the number of records compromised increases by an average of 224 percent. 

For non-publicly accessible databases, attackers can use a range of techniques such as SQL injection (SQLi) to exploit vulnerabilities in web applications that are connected to a database. This remains a consistent business threat, as nearly 50 percent of breaches in the past several years originated at the application layer. Separately, attackers may use phishing and malware to gain a foothold in the internal network and then move laterally to the vulnerable database.

When it comes to public databases, the threat is even greater, as exploiting them requires even less effort. Attackers can search for vulnerable targets through tools such as Shodan and acquire exploit code through repositories like ExploitDB, which hold hundreds of proof-of-concept (PoC) exploits. From there, the attacker can run the exploit from anywhere since the database has a public IP address.

Given the number of vulnerabilities that exist in on-premise databases, it should come as no surprise that the number of data leakage incidents has increased 15 percent over a 12-month average. An analysis of data breaches since 2017 shows that a majority (74 percent) of the data stolen in a breach is personal data, while login credentials (15 percent) and credit card details (10 percent) are also lucrative targets.

“Organisations are making it too easy for the bad guys,” said Erez. “Attackers now have access to a variety of tools that equip them with the ability to take over an entire database, or use a foothold into the database to move laterally throughout a network. The explosive growth in data breaches is evidence that organisations are not investing enough time or resources to truly secure their data. The answer is to build a security strategy that puts the protection of data at the center of everything.”