One billion. That’s a number that’s hard to ignore, I thought as I read the 2012 KPMG Data Loss Barometer. A billion people have been affected by data loss in the past 5 years. That’s just about anyone with any money at all, when you think about it. In other words, at some point, somewhere, your password has almost certainly been stolen. If you’re a database administrator, you should be thinking about the information stored in your databases. What would happen if the personal information of your users or customers was compromised?
One of the reasons passwords are stolen so frequently is that it’s become quite easy. A beginning hacker can download ready-made kits for creating malware that steals login information from computers. It’s quite simple to learn how to use a free SQL injection tool that can easily extract thousands of user names and passwords from a web site without proper security. Many people use the same password for all their accounts (email, eBay, PayPal, Facebook, etc.), and email access is sufficient to run password recovery on most sites.
The market for email addresses and passwords (no need to say black market – it’s obviously illegal) is varied, with login information for a variety of online commerce sites ranging from $0.1 through $5 per login. Although most logins won’t give you access to the actual credit card of an individual, that’s no longer such a big deal. After all, stolen passwords are simply another commodity that can be purchased online too.
Why do people want credentials? What good are they? After all, if someone orders books from an online account and has them shipped to themselves, they are easy to catch. Numerous types of fraud can be committed with credentials, ranging from hijacking e-mail or social media logins to spam other people, all the way through to faking someone’s identity in the real world. With a full name, e-mail address and last 4 digits of a credit card, someone can pretend to be a user and get login information to financial institutions.
It’s even worse because…
Password reuse makes every compromised password more valuable than just an individual login. If you’re a small or medium business, you probably aren’t using the kind of security measures the big e-commerce sites use. But you can also bet that your users aren’t using a special login and password just for your services. Whether we are talking about outside users, contractors, or employees, any password they are using in your system is probably reused somewhere else that user logs in, if not everywhere else.
Your reputation is at stake
Breaches ultimately harm you. Customers and users don’t feel safe. Your company can face lawsuits and loss of business as a result of a data breach.
Who is at risk?
According to KPMG, the insurance, government, education, and technology sectors are at risk. But truthfully, this affects everyone. Automated attack bots differentiate primarily between protected and unprotected computers. Making sure your databases are secured is crucial if you are storing any kind of personal data about users, employees, or customers.
What kinds of protection are available?
It’s no longer enough to have protection from outside attacks. Protecting the database itself has become essential. Today’s database protection tools offer features such as:
- Database firewall with extensive rules-based protections.
- Data masking so that no unauthorized parties can receive the actual data.
- Separation of duties for database access, preventing extractions of large amounts of data by unauthorized entities.
- Advanced monitoring and real-time alerts of database access.
Protecting your databases is easy
Database protection isn’t just for large companies anymore.