Thursday 16 April 2009

Verizon's 2009 Data Breach Investigations Report: The importance of knowing your database

Yesterday, Verizon issued its 2009 Data Breach Investigations Report, and what stands out is the report’s finding that outsiders are increasingly exploiting known network or database weaknesses. Specifically, 91 percent of all compromised records were linked to organized crime groups, and 67 percent of the breaches occurred because of significant errors in network or database security.

One of the two types of hacking identified in the report, SQL injection, has surged since last May, and has been tracked intensively by Secerno. The ability to automate SQL injection attacks has resulted in an explosion in the number of these attacks. In plain terms, an SQL injection attack sends an extra command to the database, getting it to perform an action, such as stealing data. When you combine SQL injection attacks with the presence of organized crime, you have a scenario in which data is stolen or manipulated almost immediately for fraudulent ends. These are not proof-of-concept attacks or efforts by hackers to make a name for themselves. SQL injection has changed the data breach game by providing a quick means of financial gain for organized crime syndicates and others.

Verizon provided solid recommendations for preventing data breaches, including not holding sensitive data. Obviously, all businesses run on data, so this, they admit, is not practicable; they advise that “the next best thing is to retain only what is required for business or legal reasons, to know where it lives and flows, and to protect it diligently.”

Secerno recommends taking these efforts one step further by understanding typical behavior for all databases, and creating blocks against activity that deviates from normal actions. This granular level of understanding is essential in environments under threat, but unfortunately it is not commonplace: as Verizon found, 69% of the data breaches were discovered by a third party.
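To make the idea of "typical behavior" concrete, here is an added example (not Secerno's product or method, and not from the Verizon report) that learns the shapes of SQL statements from trusted traffic and blocks any statement whose shape was never seen. The table names and sample statements are constructed, and the function names are hypothetical.

```python
import re

# Literals become "?" so statements that differ only in data values share one
# fingerprint; any change in structure produces a fingerprint never seen before.
_STRING = re.compile(r"'(?:[^']|'')*'")      # quoted string, '' is an escaped quote
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")   # standalone numeric literal


def fingerprint(sql):
    """Reduce a SQL statement to its shape: keywords, identifiers, operators."""
    s = _NUMBER.sub("?", _STRING.sub("?", sql))
    return " ".join(s.split()).rstrip("; ").lower()


def learn(statements):
    """Build the baseline: the set of shapes seen during a trusted period."""
    return {fingerprint(sql) for sql in statements}


def verdict(baseline, sql):
    """'allow' if the statement's shape is in the baseline, otherwise 'block'."""
    return "allow" if fingerprint(sql) in baseline else "block"


# Constructed sample traffic (hypothetical tables; not from the report).
LEARNING = [
    "SELECT name, email FROM customers WHERE id = 42",
    "SELECT name, email FROM customers WHERE id = 7;",
    "UPDATE orders SET status = 'shipped' WHERE order_id = 1001",
]
LIVE = [
    "SELECT name, email FROM customers WHERE id = 9001",            # new value only
    "UPDATE orders SET status = 'it''s late' WHERE order_id = 3",   # new value only
    "SELECT name, email FROM customers WHERE id = 9001 OR 1 = 1",   # extra condition
    "SELECT name, email FROM customers WHERE id = 1; DELETE FROM orders",  # extra command
]


def run():
    baseline = learn(LEARNING)
    return [verdict(baseline, sql) for sql in LIVE]


if __name__ == "__main__":
    for sql, v in zip(LIVE, run()):
        print(f"{v:5}  {sql}")
```

Masking literals with regular expressions is a simplification: SQL comments and dialect-specific quoting would need a real parser for the database in use.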

Understanding where data flows and protecting databases diligently is what we do at Secerno.