Ponemon Institute Study Reveals Continuous Monitoring of Database Networks is Key to Reducing Risk of National Retailer Type Breaches -- New Study Finds that Most Respondents Believed the National Retailer Attacks Involved SQL Injection as a Component of the Attacks
(Page 2 of 2)
• Nearly two-thirds of respondents (64 percent) felt that their organization presently does not have the technology or tools to quickly detect SQL injection database attacks.
• Only one-third of respondents either scan continuously or daily for active databases. However, 25 percent reported they scan irregularly and 22 percent do not scan at all.
• Only 48 percent of respondents indicated that they test or validate third party software to ensure it’s not vulnerable to SQL injection.
• Forty-four percent utilize professional penetration testers to identify vulnerabilities in their IT systems; but 65 percent of those penetration tests do not include testing for SQL injection vulnerabilities.
“It’s well known that database breaches, including these high-profile attacks against the retailers, are devastating to merchants in terms of lost sales and damage to their reputation,” said Brett Helm, Chairman and CEO of DB Networks. “This study sheds additional light on the likely attack chain so that all retailers can now be more prepared in the future.”
About Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.
About DB Networks
DB Networks® is innovating behavioral analysis technology in the field of database security. Developed for organizations that need to protect their data from advanced attacks, including Zero-Day attacks, DB Networks offers effective countermeasures against SQL injection attacks. Database attacks happen rapidly -- in a matter of minutes -- and bypass traditional perimeter security measures. DB Networks’ unique approach uses behavioral analysis technology to automatically learn each application’s proper SQL statement behavior. Any SQL statement dispatched from the application that deviates from the established behavioral model immediately raises an alarm as a possible attack. DB Networks is a privately held company headquartered in San Diego, Calif. For more information, see http://www.dbnetworks.com, or call (800) 598-0450.