Database security solutions provider GreenSQL recently surveyed more than 6,000 small and medium-sized business IT professionals, database administrators and data security consultants about their most critical security concerns, and the results show that fears are as widespread among SMBs as they are in the enterprise class.
The respondents’ primary concerns were as follows:
51 percent: SQL injection attacks from internal and external users
31 percent: Internal threats, including unauthorized database access, database administrator errors and data exposure to non-privileged internal users
18 percent: Regulatory compliance
“In today’s environment, it isn’t a matter of whether you will be hacked, but when,” says GreenSQL CEO, Amir Sadeh. “Cybercriminals recognize that not only enterprises but also SMBs are especially vulnerable. Databases contain the crown jewels of an organization, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits and customer attrition.”
Cybercriminals use SQL injection to target both external websites and internal databases when seeking data for identity theft and other profitable black market activities. Public websites serving as the face of an organization are known to be vulnerable to SQL injection attacks but so are internal collaborative sites as shown by the recent assault on the internal Nokia developer application.
Internal data security leaks, a concern of 31 percent of GreenSQL users surveyed, let corporate data get into the wrong hands. While developers, administrators and customer service representatives all need data access, they should have different access privileges.
In addition, true data protection covers threats from both employee theft and error. Coordinating database access control and command permissions can significantly reduce data loss from errors while lowering the cost to repair any that remain.
Compliance ranks third in the survey as a top security concern. Lack of compliance with Sarbanes Oxley, PCI DSS, HIPPA, or other regulations can result in significant legal fees, negatively impinge on a company’s ability to do business and reduce client and customer trust.
Used by more than 100,000 SMBs in over 190 countries, GreenSQL offers four different database security technology packages.