Australia and Singapore have higher incidences of insecure databases

Organisations in Australia and Singapore have higher incidences of insecure databases, making them more susceptible to data breaches, a new study has found.

According to a five-year longitudinal study by Imperva, the proportion of databases with at least one known vulnerability was 65% in Australia and 64% in Singapore. However, the average number of vulnerabilities per database was higher in Singapore (62%) than Australia (20%).

Globally, organisations in France have the highest incidences of insecure databases, with more than eight in 10 databases having at least one known vulnerability. The findings were derived by scanning nearly 27,000 databases, and the average database contained 26 existing vulnerabilities.

More than half (56%) of the common vulnerabilities and exposures (CVEs) found were ranked as “high” or “critical” severity, aligned with guidelines from the US National Institute of Standards and Technology.

This indicates that many organisations are not prioritising the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years.

“While organisations stress publicly how much they invest in security, our extensive research shows that most are failing,” said Elad Erez, chief innovation officer at Imperva. “Too often, organisations overlook database security because they are relying on native security offerings or outdated processes.”

Erez said that although there has been a major shift to cloud databases, the concerning reality is that most organisations rely on on-premise databases to store their most sensitive data.

“Given that nearly one out of two on-premise databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will grow too,” he added.

The unprecedented number of database vulnerabilities offers attackers a vast landscape of opportunity. A separate study by Imperva Research Labs earlier this year found that the number of data breaches is growing by 30% a year, while the number of records compromised is increasing by an average of 224%.

For non-publicly accessible databases, attackers can use a range of tools, such as SQL injections, to exploit vulnerabilities in web applications that are connected to a database. This remains a consistent business threat, as nearly 50% of breaches in the past several years originated at the application layer. Also, attackers may use phishing and malware to gain a foothold in the internal network and then move laterally to the vulnerable database.

When it comes to public databases, the threat is even greater, because exploiting them requires even less effort. Attackers can search for vulnerable targets through tools such as Shodan and acquire exploit code through repositories such as ExploitDB which hold hundreds of points-of-compromise codes. From there, the attacker can run the exploit from anywhere because the database has a public IP address.

Given the staggering number of vulnerabilities that exist in on-premise databases, it should come as no surprise that the number of data leakage incidents has increased 15% over a 12-month average.

An analysis of data breaches since 2017 shows that 74% of the data stolen in a breach is personal data, while login credentials (15%) and credit card details (10%) are also lucrative targets.

“Organisations are making it too easy for the bad guys,” said Erez. “Attackers now have access to a variety of tools that equip them with the ability to take over an entire database or use a foothold into the database to move laterally throughout a network.

“The explosive growth in data breaches is evidence that organisations are not investing enough time or resources to truly secure their data. The answer is to build a security strategy that puts the protection of data at the centre of everything.”