HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 11 MINUTES AGO.
You are here: Home / Press Releases / Study: Database Monitoring Is Key
Study: Database Monitoring Key to Reducing Breaches
Study: Database Monitoring Key to Reducing Breaches
News as reported by the company Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JUNE
10
2014


Ponemon Institute Study Reveals Continuous Monitoring of Database Networks is Key to Reducing Risk of National Retailer Type Breaches -- New Study Finds that Most Respondents Believed the National Retailer Attacks Involved SQL Injection as a Component of the Attacks

SAN DIEGO, June 10, 2014 -- Privacy and information security research firm Ponemon Institute, along with DB Networks, an innovator of behavioral analysis in database security, today announced the results of the Ponemon Institute’s study on the recent U.S. retailers breaches. The study found most respondents agreed that continuous monitoring of database networks is the best approach to avoid breaches such as the high-profile attacks against Target, Michaels and other U.S. retailers. Furthermore, more than half (57 percent) of respondents believed that the attacks against the U.S. retailers involved SQL injection as one of the components of the attacks.

“The SQL Injection Threat & Recent Retail Breaches” report was independently conducted by the Ponemon Institute, one of the world’s foremost authorities on data security and privacy. The research was conducted to gain a deeper insight into the recent U.S. retailers breaches, including to better understand why these retailers were so vulnerable, what security countermeasures could have been employed, and who was likely responsible for the attacks. The study analyzed responses from 595 IT security experts in the United States working across a broad spectrum of industries and also the public sector. “The SQL Injection Threat & Recent Retail Breaches” study respondents are very familiar with the security compliance requirements for retailers who accept payment cards, and 69 percent of the respondents indicated their organization must comply with Payment Card Industry Data Security Standard (PCI DSS).

“While details of the recent retailers breach haven’t yet been fully disclosed by the retailers who were breached or the U.S. Secret Service in charge of breach investigations, this study offers some interesting industry insight into these events from IT security professionals and experts familiar with PCI DSS,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute.

For a copy of the study, see: http://www.dbnetworks.com/form/Ponemon_SQL_Injection_Threat_And_Recent_Retail_Breaches.htm

Additional key findings of the study include:

• Fifty-three percent of respondents in total indicated that breach notification should occur within a month

• Initial reports were that a Russian teenager was the perpetrator of the Target breach, however half the respondents felt that it was actually the work of a cyber criminal syndicate. Only 15 percent responded that a lone wolf hacker was the likely culprit, while 11 percent responded that nation-state actors were likely responsible.

• While most respondents believed that the attacks against the retailers databases involved SQL injection, almost half of the respondents said the SQL injection threat also facing their own organization is very significant.

• Nearly two-thirds of respondents (64 percent) felt that their organization presently does not have the technology or tools to quickly detect SQL injection database attacks.

• Only one-third of respondents either scan continuously or daily for active databases. However, 25 percent reported they scan irregularly and 22 percent do not scan at all.

• Only 48 percent of respondents indicated that they test or validate third party software to ensure it’s not vulnerable to SQL injection.

• Forty-four percent utilize professional penetration testers to identify vulnerabilities in their IT systems; but 65 percent of those penetration tests do not include testing for SQL injection vulnerabilities.

“It’s well known that database breaches, including these high-profile attacks against the retailers, are devastating to merchants in terms of lost sales and damage to their reputation,” said Brett Helm, Chairman and CEO of DB Networks. “This study sheds additional light on the likely attack chain so that all retailers can now be more prepared in the future.”

About Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.

About DB Networks

DB Networks® is innovating behavioral analysis technology in the field of database security. Developed for organizations that need to protect their data from advanced attacks, including Zero-Day attacks, DB Networks offers effective countermeasures against SQL injection attacks. Database attacks happen rapidly -- in a matter of minutes -- and bypass traditional perimeter security measures. DB Networks’ unique approach uses behavioral analysis technology to automatically learn each application’s proper SQL statement behavior. Any SQL statement dispatched from the application that deviates from the established behavioral model immediately raises an alarm as a possible attack. DB Networks is a privately held company headquartered in San Diego, Calif. For more information, see http://www.dbnetworks.com, or call (800) 598-0450.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN PRESS RELEASES
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Microsoft has some bitter rivals in the technology industry, but when it comes to thwarting government intrusion on customer privacy the software giant has plenty in common with its rivals.

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.