Data Breach Pulse Check: On-Prem Database Security – Security Intelligence

A recent industry study analyzed 27,000 on-prem databases across the globe, with surprising findings. In far too many cases, on-premises database security is weak. The good news is that you can manage the risk to cut down on the chance of a data breach. 

Nearly half (46%) of internal data assets in the study had at least one unpatched Common Vulnerabilities and Exposures (CVE) entry. The average database had 26 vulnerabilities. Of those, 56% were ranked as ‘High’ or ‘Critical’ under the National Institute of Standards and Technology (NIST) severity guidelines.
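The three headline metrics above (share of hosts with an unpatched CVE, average open CVEs per host, share rated High or Critical) are easy to reproduce for your own estate from a scanner export. The following is an added example, not code from the article or the study; the host names, CVE ids and scores are constructed placeholders, and the severity bands are the NIST NVD qualitative ratings for CVSS v3.x base scores.

```python
"""Pulse check for an on-prem database estate from a vulnerability-scan export.
Severity bands follow the NIST NVD qualitative ratings for CVSS v3.x base scores.
Hosts, CVE ids and scores are constructed placeholders, not real findings.
"""
from collections import defaultdict

# Constructed inventory of every on-prem database host, clean ones included.
INVENTORY = ["db-hr-01", "db-erp-02", "db-crm-03", "db-bi-04"]
# Constructed scan export, one row per (host, CVE); the ids are placeholders.
FINDINGS = [
    {"host": "db-hr-01",  "cve": "CVE-0000-0001", "cvss": 9.8, "patched": False},
    {"host": "db-hr-01",  "cve": "CVE-0000-0002", "cvss": 7.5, "patched": False},
    {"host": "db-hr-01",  "cve": "CVE-0000-0003", "cvss": 5.3, "patched": True},
    {"host": "db-erp-02", "cve": "CVE-0000-0004", "cvss": 4.0, "patched": True},
    {"host": "db-crm-03", "cve": "CVE-0000-0005", "cvss": 8.8, "patched": False},
    {"host": "db-crm-03", "cve": "CVE-0000-0006", "cvss": 3.1, "patched": False},
]

def severity(score):
    """Map a CVSS v3.x base score to its NIST NVD qualitative rating."""
    if score is None or not 0.0 <= score <= 10.0:
        raise ValueError(f"invalid CVSS score: {score!r}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"

def pulse_check(inventory, findings):
    """Return the study's three headline metrics plus a patch-priority list."""
    open_by_host = defaultdict(list)
    for f in findings:
        if not f["patched"]:
            open_by_host[f["host"]].append(f)
    open_findings = [f for fs in open_by_host.values() for f in fs]
    urgent = [f for f in open_findings if severity(f["cvss"]) in ("High", "Critical")]
    # Worst open score first, then number of open CVEs, so refresh work is ordered by exposure.
    priority = sorted(open_by_host, key=lambda h: (max(f["cvss"] for f in open_by_host[h]),
                                                   len(open_by_host[h])), reverse=True)
    return {
        "share_hosts_with_unpatched_cve": len(open_by_host) / len(inventory),
        "avg_unpatched_per_host": len(open_findings) / len(inventory),
        "share_high_or_critical": len(urgent) / len(open_findings) if open_findings else 0.0,
        "patch_priority": priority,
    }
```

Clean hosts are counted in the denominators, so a scanner export that omits hosts with no findings must be joined against the full inventory, as done here.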

These openings draw cyber criminals like bees to honey. They leave the door wide open to attack and the high cost of a data breach. Now, many chief information security officers are seeking improved IT infrastructure strategies to reduce on-prem risk.

Lessons From the Microsoft Data Breach Response

In March 2021, Microsoft reported it was the victim of a state-sponsored cyberattack from the Chinese group Hafnium. The exploit affected over 30,000 groups across the U.S., including local governments, agencies and businesses. 

In the Microsoft breach, threat actors used zero-day attack techniques. This enabled them to extract data from hundreds of thousands of on-premises servers running Microsoft’s Exchange software.

Hafnium breached the on-premises servers through a mixture of stolen passwords and previously unknown vulnerabilities. Attackers then deployed web shells on the servers, giving them persistent access to exfiltrate email data.

The Hafnium attack exploited previously unknown vulnerabilities in Microsoft’s software. Since then, Microsoft has released patches to correct these exposures. However, any business or agency that continues to run the unpatched Exchange software remains at risk.

Database Security Exploits

Threat actors can easily scan for on-prem database vulnerabilities using tools like Exploit Database (ExploitDB) or Shodan. ExploitDB is a public archive of exploits that helps keep public databases secure: it helps IT teams understand what weaknesses might be hidden in their databases. But such tools are a double-edged sword. Criminals can use them to locate open doors, too.

Threat actors can search ExploitDB and find the proof of concept code required to launch attacks. From privilege escalation to authentication bypass to remote code execution — intruders can steal data or move throughout a breached network.

Reducing risk goes beyond simply looking up and patching CVEs. It requires a more holistic understanding of your infrastructure and the risks that come with it. A solid refresh plan helps to achieve a more robust, long-term defense. 

Don’t Put it Off — Plan for a Data Breach

Some businesses have left vulnerabilities unresolved for far too long. And they know it. Forrester surveyed 350 global enterprise IT decision-makers in infrastructure, application management or maintenance and software development. 

The survey found that 61% of companies delayed infrastructure refresh a few times or more in the last five years. Why does this happen? In many cases, they kept moving it to the back of the to-do list. If you put a system in place and plan for refreshes, they are more likely to happen. If you wait until your teams get around to it, you might as well never refresh.

What’s the risk? Millions of your customers’ personally identifiable information (PII) records could end up for sale on the darknet. Or, threat actors might demand a hefty ransom to decrypt mission-critical files. Also, regulatory agencies are tightening the rules surrounding vulnerabilities and incident reporting. For example, GDPR ‘Privacy by Design’ means you should build database security in from the start. Any proven on-prem vulnerability, therefore, is not private by design.

Is the Cloud Safe Enough?

When you try to promote an IT infrastructure security investment, you get a lot of pushback. Today’s business landscape contains a mix of public cloud providers, private cloud and on-premises infrastructure. Some argue the cloud is cheap, easy and secure. But is this true? 

According to the Forrester report, 46% of IT leaders feel the public cloud doesn’t meet their data security needs. Also, 85% of IT leaders agreed to make on-premises infrastructure a critical part of their hybrid cloud strategy. Their reasons probably come from reports like these:

  • 75% of large companies had breaches in 2019
  • 64% of enterprises say data breach is the leading cause of downtime
  • $116M is the average cost of a public company data breach.

These stats reveal that database risk avoidance is critical for business growth. It’s essential to protect high-value customer data and workloads in the data center and elsewhere. Otherwise, business owners face losing hard-won customer trust and loyalty.

The Business Case for On-Prem

In the Forrester report, the top-ranked reasons for using on-premises resources for select workloads and applications were:

  • Greater assurance of compliance (45%)
  • Mitigation of security vulnerability of data in transit (44%)
  • Improved application/infrastructure performance (43%)
  • Cost reductions (42%).

This debunks any notion that the data center is just another cost center. Instead, modern business success continues to rely on on-prem resources.

To optimize performance and productivity, firms leverage on-premises infrastructure for 48% of both mission-critical and data-intensive workloads. That’s why 75% of IT leaders plan on increasing investment in IT infrastructure outside of the public cloud within two years.

Minimize On-Prem Database Vulnerabilities

For on-prem vulnerabilities, how do you mitigate the risk? A big part of the battle is your mindset. Making infrastructure refresh a top priority is key. It’s important to establish a clear, detailed infrastructure strategy. The plan should commit to on-prem workloads and treat security issues as a primary driver of refresh decisions.

Another key tactic is to adopt effective defensive methods, such as pervasive encryption and identity and access management (IAM). Pervasive encryption occurs at the database, data set or disk level, so customers don’t need to change or adjust applications. Meanwhile, IAM uses machine learning and AI to analyze parameters (user, device, activity, context and behavior) to determine whether or not to grant access.

Remember, IT performance is critical since it can directly impact customer experience, brand reputation and overall costs. Organizations that struggle to keep up with refresh plans might choose to leverage subscription-based infrastructure refresh options.

The worst thing you can do is ignore the risk. Instead, develop a solid plan of action to secure your on-prem assets to protect business growth. 