Security leaders say that most database security issues stem from the disconnect between DBAs and security teams, from configuration right through to the end of the database lifecycle.
CIOs point out that the recent Meow attacks on various exposed databases on the Internet resulted in the deletion of complete repositories by unidentified miscreants. The hackers left behind a calling card after each episode. Leaders say that these attacks are carried out by hackers with years of experience and cause catastrophic damage if left unchecked.
Organizations said that the hackers attacked the “light versions” of their database and not the full versions. Strictly speaking, the light version database is available for free on the Internet and has limited features.
Database Architects (DBAs) and developers with a negligible focus on security and a lack of process/team for the security protocols tend to create such light versions. They store sensitive data on these versions but often fail to implement standard but critical security functionalities like authentication. As a result, anyone can access the login; they don’t even need a username.
Experienced and security-centric DBAs refuse to install anything, freemium or not, unless they have the proper authentication. Such professionals avoid installing any software from the public Internet.
Security leaders acknowledge that the organizations that were attacked in the Meow attacks had not met even the bare minimum security checks, which are preferred in the current scenario.
Exposure of sensitive data
CIOs say that every organization stores its data in the relevant database. As a result, any attack on these repositories will result in sensitive information being leaked. The reports of such attacks are, however, more dramatic than the actual breach.
Security leaders clarify that hacking a database requires a low level of sophistication compared to the breach of other networks. These attacks have a negligible effect on an adequately protected database.
Most database breaches require the miscreants to scan the default ports on the servers. They tend to manipulate any port that does not have passwords or usernames. Such actions need minimal hacking knowledge.
Most organizations would not discuss the contents when a serious database breach occurs. Often companies do not publicly admit to the violation to protect clients. The company under attack and the security organization helping it mitigate the attack can't discuss the breach in a public forum.
CIOs believe that the issue with database security begins right at the moment of configuration. When the person taking care of the database configuration pays proper attention to configuration and the necessary security measures, such potential attacks can be avoided.
However, in most scenarios, it is a DBA or a developer who requires access to the database and has little exposure to security training and protocols. They end up making obvious mistakes during configuration, which cause security issues in the long run.
The disconnect between database teams and security teams makes the responsibility for the safekeeping of the data unclear. CISOs think that it should be a shared responsibility between both teams. DBAs and developers don't have relevant security training, and security personnel are not familiar with the complexity of data repositories.
CIOs propose the necessary steps to take care of database security, namely: assuming each piece of data in the repository is sensitive, deploying healthy authentication practices for every step in the database lifecycle, and ensuring that even C-suite leaders are aware of the database security personnel. The last point is critical to promote a feeling of accountability.