Protecting your database is a critical responsibility of today’s DBA. It has always been important to control access to a company’s data. The information contained in their databases includes business-critical intelligence as well as sensitive financial and personnel details regarding the organization and its customers. It is never a good idea to leave these vital resources open to unauthorized prying eyes.
The current focus on regulatory compliance has made this truer today than ever before. There are the traditional negative business implications that can result from a data breach or security flaw. Enterprises may also face substantial financial penalties for failing to conform to the regulatory guidelines which they are contractually obligated to follow. This situation creates a form of double jeopardy where a business is punished twice for the same infraction. You can’t lower your guard, because there are entities who want to get into your databases and cause havoc.
Recent Notable Data Breaches
There have been several large data breaches that impacted organizations across the business spectrum in 2018. Some of the more significant ones include:
Facebook - The company was impacted by two security breaches that affected around 50 million users. One intrusion involved code weaknesses which allowed exploitation of the social media platform’s “View As” privacy tool. This led to the exposure of names, contact details, and other sensitive information on 14 million users.
Marriott - This large hotel chain announced a data breach that may have led to the compromise of customer data for 500 million users. Compounding this issue is the fact that the problem seems to have been occurring for four years, since a company merger with Starwood Hotels brought with it a reservation system rife with security flaws. The system had experienced a major credit card hack in 2014 carried out through a SQL injection bug. An inadequate security review during the acquisition process left Marriott using the same defective software, which led to their loss of data.
Quora - Approximately 100 million users had personal and sensitive information exposed in an attack on Quora. Names, email addresses, and encrypted passwords were compromised by the data breach. Though the exact cause of the episode has not been released, it appears that a trusted third party may have been involved. Quora is implementing tighter internal security measures intended to minimize the chances of a repeat performance.
Consequences of a Data Breach
There are immediate and tangible business ramifications that result from a company’s data being breached. An organization will be affected by the aftermath of an attack in several ways.
Financial consequences - The financial cost associated with a data breach can be crippling to a business. There is the specter of lawsuits and litigation by the entities affected by the security flaw. Regulatory penalties may also come into play, and new compliance guidelines such as GDPR are intended to cause real financial pain to an organization in an attempt to raise the bar on their security initiatives.
Internal database damage - Addressing the issues caused by a data intrusion includes repairing any damage done to the company’s systems. This can be an expensive and time-consuming endeavor which puts additional stress on the IT staff and the business’s financial resources. Failure to take the necessary corrective actions may leave the organization exposed to similar exploits in the future.
Damaged reputation and lowered consumer confidence - This consequence is harder to quantify but may cause the most harm to companies that have been subject to a data breach. The loss of customers and an increased cost in attracting new ones can severely impact a business in the wake of an incident that compromises their patrons’ data. Rebuilding trust and confidence may be impossible and cause long-term injury to a company’s customer base and bottom line.
Minimizing the Risk of a Data Breach
There is no easy fix that will enable your company to avoid the dangers of a data breach. The distributed nature of our computing environments which can include multiple on-premises and cloud instances makes keeping your systems secure a daunting and complicated task. A robust security plan must include diverse aspects of your systems and infrastructure.
Ensuring that your network is secure forms the first line of defense against unauthorized users gaining access to your valuable data. Keeping attackers out of your infrastructure, however, does not close all of your potential security flaws. As witnessed in the Quora data breach, trusted individuals may be involved in compromising your systems and information. Guarding against this sort of risk demands an application-level method of instituting strict security policies.
IDERA’s SQL Secure provides a tool that enables DBAs responsible for SQL Server instances to identify vulnerabilities and risks that may affect their systems, whether they are located on-premises or in a private or public cloud. The application allows you to set strong security policies and view historical SQL Server security settings.
SQL Secure can generate security report cards which identify risks to your databases and servers and categorize them based on the level of the threat. It lets you analyze user permissions to verify that only authorized individuals have access to sensitive data. It assists with compliance by providing security templates that address various guidelines such as HIPAA and GDPR. With SQL Secure, you can keep the bad guys out of your database. Let them steal data from someone else this time!