Cyber attacks hit record high: vulnerabilities in 46 percent of all databases
15.02.2022 A guest post by Kai Zobel *
Despite rising spending on cybersecurity, the number of attacks and compromised data records keeps growing, even though companies are doing everything they can to limit the damage.
As web applications become more and more complex, potential security vulnerabilities lurk in every system, open to external attackers and insiders alike.
As a recent study by Bitkom shows, nine out of ten companies were victims of hacker attacks in 2019 and 2020. The damage to German companies amounts to more than 220 billion euros per year. With extortion, system failures and operational disruptions, the criminal attacks are once again causing record damage – an increase of 358 percent. One in ten companies already sees its existence threatened.
Vulnerabilities in almost every second database
The situation is particularly critical with on-premise databases – and this is where particularly sensitive data is often stored. Imperva recently published a study with alarming results on database security: worldwide, 46 percent of all on-premise databases are vulnerable to attacks, with an average of 26 vulnerabilities per database. The longitudinal study scanned almost 27,000 databases over a period of five years.
More than half (56 percent) of the vulnerabilities found were classified as “high” or “critical” according to the guidelines of the National Institute of Standards and Technology (NIST). The study results indicate that many companies give low priority to the security of their data and neglect routine patching. According to the cybersecurity experts, some of the CVEs (Common Vulnerabilities and Exposures) remained undetected on the local databases for three or more years.
The regional analysis shows considerable differences between individual countries: at 19 percent, the share of vulnerable databases in Germany is significantly lower than in countries such as France (84 percent), Australia (65 percent) or Singapore (64 percent). In terms of the average number of vulnerabilities per database, however, German databases rank near the top with 64 vulnerabilities. Only France (72), China (74) and Mexico (70) have more vulnerabilities per database on average.
The unprecedented number of vulnerabilities in databases offers attackers a wide range of possibilities. Earlier this year, another study by the Imperva research team showed that the number of data breaches is increasing by 30 percent annually, while the number of compromised data records is increasing by an average of 224 percent.
Web applications as a gateway for attacks on databases
Despite rising spending on cybersecurity, the number of attacks and compromised data records keeps growing, even though companies are doing everything they can to limit the damage. So why is the number of successful attacks increasing even though more protective measures are being taken?
Attackers are developing increasingly sophisticated tactics to circumvent conventional perimeter or endpoint solutions and thus gain access to sensitive data. The research team found that in recent years, almost 50 percent of data security breaches originated in the web application layer. Although this is not a new trend, attackers still manage to use SQL injection (SQLi) or remote code execution (RCE) to exploit vulnerabilities in web applications connected to an organization’s data stores.
Companies must therefore rethink their security concept and the tools in their tech stack. Protecting the web application layer has been a focus of the security industry for years, and yet attackers keep finding ways into it. This is partly due to an operational problem that needs to be solved: when application and data security are managed separately, gaps arise that savvy attackers can exploit.
Security teams should therefore prepare for a disturbing and unprecedented year. The Imperva Research Center predicts about 40 billion compromised data records by the end of 2021 – that’s more than twice as many as last year.
Real-time results and improved user functions at the expense of security
What can decision-makers do to prepare themselves? Become aware of the risks, make cybersecurity a top priority and get employees on board.
After that, it is important to take a look at the greatly changed nature of application development and IT infrastructure. Monolithic applications have dissolved into a sea of APIs, microservices and serverless functions. For end users, modern DevOps means faster development and thus more innovative digital services.
However, the improved user experience and more efficient applications lead to a new and complex threat landscape. Every part of the software development lifecycle interacts with a variety of data stores to enable real-time results and better user functions, and this is exactly where data security is at risk.
Security teams need to figure out how to observe ephemeral workloads, which are particularly difficult to monitor, in real time. In addition, the number of APIs from first- and third-party providers is multiplying by the second, which is an additional risk. In fact, the number of new API vulnerabilities increased by four percent in 2020.
Sensitive data was the most frequently affected. This also explains the growing trend of data security breaches in the web application layer: without an effective security layer, how can companies monitor or block malicious activities across all paths – from the edge to the application, API to the data store?
Traditional approach to security falls short
As web application environments become more and more complex, potential vulnerabilities lurk in every system, open to external attackers and insiders alike, who have only one goal: access to sensitive data.
To protect stored data, it may seem sufficient to maintain fully patched databases and authorization lists and to introduce native security functions (data encryption, defined users). While that’s a good start, these controls won’t be enough to fend off sophisticated attacks. SQLi attacks are able to bypass defense mechanisms and then control access or modify and delete records in the underlying databases. In some cases, even the operating systems of the servers hosting the database services can be accessed.
Regardless of the composition and structure of sensitive data, attackers are always motivated to access it. For this reason, companies need to implement security on all data stores, with a focus on protecting the data itself and not just the applications and networks that surround and interact with it.
Whether for proactive, preventive security or for responding after an incident or both: it is important to understand where the data is stored, whether it is classified, whether the right access controls are in place and whether there are strong tools for auditing and anomaly detection.
When all these aspects are taken into account, it quickly becomes clear that a traditional security approach cannot work. Throughout a cyber kill chain, organizations need complete visibility across the entire web application environment. Only with an approach that prioritizes the security of the data itself can companies avoid negative headlines.
* Kai Zobel is Area Vice President EMEA Central at Imperva. Most recently, Zobel was entrusted with the development of sales teams and the partner landscape at Fortinet and Thales eSecurity. Earlier in his career, he held positions as Head of Security for Central Europe at Verizon Business, Cisco Systems and Utimaco. In 2003, as Channel Manager Central Europe, he was responsible for the return of Rainbow, a provider of USB security tokens, to the German market. From 2012, as Regional Director for the DACH region, he built up the two-stage indirect sales channel and the German-speaking team for Skybox Security.