It isn’t surprising that massive database breaches are costing companies upwards of $51 billion when the list of targeted companies grows by the day. And it’s major companies like HomeDepot, Target, Sony, JPMC, and eBay that have been hacked. Experts estimate that each breach costs upwards of $200 per exposed record, and large databases of customer information mean multiplying costs for companies to control the damage.
Costs of Data Breach Are Rising
Major Concerns for Companies
Recently Anthem, one of America’s largest health insurance companies, experienced a major breach, which means that more than 80 million current and former customers have been affected. Customers’ most sensitive data has been compromised, names, social security numbers, date of birth, employment information, addresses, and even some data on salary.
Particularly tricky in managing the repercussions of the breach is that any SPAM and phishing will be more difficult for consumers to spot because it will have accurate data in the emails, so even identity theft measures put into place may not work.
Database Security Has Changed
It’s a key time for employers to ensure that their data is secured. The numbers tell us that 84 percent of companies feel that their database is adequately secure, however, 56 percent of those same companies have experienced a breach within the last year. And companies aren’t feeling too optimistic about future attacks too. Seventy-three percent of companies surveyed anticipate that attacks will increase.
Databases are vulnerable not only for easily guessed accounts and passwords, or excessive privileges, but also external threats like web application attacks (SQL injection), insider mistakes, weak audit controls, and social engineering.
As companies create policies, there are a few key measures that should be taken. Set a policy for strong passwords or passphrases. Perform database Auditing and perform event monitoring. Install security patches because sometimes a database server is compromised with just a simple query, and be sure to test patches on non-production databases. Protect access to the server by only allowing trusted hosts, and block outbound connections, and unused ports. Companies can also protect databases by disabling excess functionality, and using selective encryption, such as SSL at the network level, and database proprietary protocols.
After implementing protective measures, as a company, you’ll be in a much better position. There are still risks, however, once hackers find layers of database protections, they’ll move on and find an easier target.