Tuesday, July 1, 2014

You Have Chosen Poorly...

What do Target, Neiman Marcus, and Michaels all have in common besides their retail lineage?  They have all been subject to catastrophic data breaches this year. When we say catastrophic, we are not embellishing: these breaches aren't just a slight oversight, they are monumental in size. In Target's case alone, 40 million credit cards and 70 million personal identification records were stolen, leading to the resignation of the company's CEO.  Needless to say, all of the victims would claim that they had all the latest security technologies in place.  In fact, some may even claim to have the state of the art of what the market has to offer.  So what happened?

They're digging in the wrong place!


You spend all your time putting a fancy lock on the door, but forget that the hinges are exposed.  In short, as far as the search for secure data goes, "They're digging in the wrong place!"  According to a study released this month by privacy and security research firm Ponemon Institute and database security specialist DB Networks, a majority of security experts believe that the venerable technique of SQL injection was an important component of these attacks.


SQL Injection, Why Did It Have to Be SQL Injection?


SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

The Ponemon Institute and DB Networks surveyed 595 IT and IT security professionals, the majority of whom said they were familiar with core intrusion detection system (IDS) technologies that detect rogue SQL statements. Further, 69 percent of those surveyed said their organization must comply with the Payment Card Industry Data Security Standard (PCI DSS).

  • 65 percent of the organizations represented in the study had experienced a SQL injection attack in the past 12 months that had successfully evaded their perimeter defenses.
  • 49 percent of respondents said the SQL injection threat facing their company is significant.
  • The majority of these experts (65 percent) believe the best way to defend against SQL injection attacks and avoid mega data breaches like the one suffered by Target is through continuous monitoring of the database network, followed by advanced database activity monitoring (56 percent) and database encryption (49 percent).
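
To make the definition above concrete, here is an added Python example (not from the original post or the survey) that runs a query built by string concatenation next to its parameterized form on constructed data, and flags the statement whose structure departs from a baseline. The table, the function names, and the fingerprint rule are assumptions for illustration; the baseline check is a simplified stand-in for database activity monitoring, not any product's logic.

```python
import re
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "4111-XXXX-0001"), ("bob", "4111-XXXX-0002")])
    return db

def fingerprint(sql):
    """Reduce a statement to its structure: every literal becomes '?'."""
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)   # quoted string literals
    sql = re.sub(r"\b\d+\b", "?", sql)          # numeric literals
    return re.sub(r"\s+", " ", sql).strip().lower()

# Structure the application is expected to send (hypothetical baseline).
BASELINE = {fingerprint("SELECT name, card FROM customers WHERE name = 'alice'")}

def lookup_vulnerable(db, name, seen):
    # Weak: the entry-field value is pasted into the SQL text and parsed as SQL.
    sql = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    seen.append(sql)
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name, seen):
    # Hardened: the value is bound separately and only ever treated as data.
    sql = "SELECT name, card FROM customers WHERE name = ?"
    seen.append(sql)
    return db.execute(sql, (name,)).fetchall()

def alerts(seen):
    """Return the statements whose structure is not in the baseline."""
    return [s for s in seen if fingerprint(s) not in BASELINE]

def demo():
    db, hostile = make_db(), "x' OR '1'='1"   # constructed tautology input
    seen_v, seen_p = [], []
    leaked = lookup_vulnerable(db, hostile, seen_v)
    safe = lookup_parameterized(db, hostile, seen_p)
    return len(leaked), len(safe), len(alerts(seen_v)), len(alerts(seen_p))

if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row and produces one alert, because the input changed the shape of the statement; the parameterized query returns nothing and keeps the baseline structure.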


And yet, when asked how the IT security budget is allocated in their organizations, these experts said the lion's share (40 percent) is allocated to network security, 23 percent is allocated to Web server security and only 19 percent is allocated to database security.

Just Say'n Guys...

Source(s):

  • http://www.itnews.com/retail/80801/are-digital-retailers-focusing-their-security-wrong-place#sthash.8evzzYN0.dpuf

So “Once more unto the breach, dear friends, once more;”
____________________________________________________________

About Rick Ricker

An IT professional with over 22 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.

For more information, contact Rick at (800) 399-6085 x502
