Recently, Imperva, a network security solution provider, released a set of research reports.

The report data shows that 46% of on-premises (on-prem) databases worldwide are vulnerable, and some of the vulnerabilities have existed for several years. On average, each database contains 26 vulnerabilities, and more than half (56%) of them are classified as "high" or "serious". At the same time, the proportion of vulnerable databases in France is by far the highest in the world (84%); in terms of the average number of vulnerabilities per database, China has 74 and France has 72.

The Imperva research laboratory obtained these "unprecedented" results after scanning 27,000 internal databases around the world over 5 years. The results of the study paint a grim picture: nearly half (46%) of internal databases worldwide have at least one unpatched Common Vulnerabilities and Exposures (CVE) entry, the average database has 26 vulnerabilities, and more than half (56%) of these are classified as "high" or "serious" in severity.

Data shows that in terms of unprotected databases, France is the most “vulnerable”, with 84% of its scanned databases containing at least one vulnerability, and the average number of vulnerabilities per database is 72. China's data in this area is 52% (74 vulnerabilities on average), ranking fifth.

The research results also show that nearly 50% of organizations around the world have not been able to patch and update their database software in a timely manner. Imperva's research found that some CVEs have remained unpatched for three or even five years in a row.

Imperva predicts that by the end of 2021, another 40 billion records will be compromised, including billions of pieces of data, most of which are sensitive or personally identifiable and may be maliciously exploited by cybercriminals in the future.

It is reported that the standard way to compromise databases that are not publicly accessible is through web application vulnerabilities such as SQLi, or through phishing and malware, which allow attackers to gain a foothold in the network.

Imperva warned that before deploying the attack code, attackers can scan exposed targets through tools such as Shodan, making it easier to access public databases.

Therefore, it is very easy for hackers to find these vulnerabilities with scanning tools commonly available on the Internet. For example, on repositories such as ExploitDB, a simple search can provide the proof-of-concept (POC) code needed to carry out damaging attacks, such as privilege escalation, authentication bypass, and remote code execution, which ultimately allow intruders to exfiltrate data, demand ransoms, and even move freely throughout the network. These vulnerabilities can therefore be exploited easily, with serious consequences.

Looking at these data, we can't help asking: is there a fundamental problem with the way global enterprises and organizations deal with data security? Considering that the number of compromised records is growing by 224% each year, the answer to this question should be yes.

The popularity of cloud platforms for storing sensitive data is worrying

Imperva calls the current situation a "rampant global technology epidemic". One of its "symptoms" is the existence of vulnerabilities in internal databases worldwide, and these databases usually store the organization's most sensitive data.

Currently, global cloud infrastructure and database environments are increasingly used (it is estimated that 50% of data is stored locally), but this is not a problem that can be solved by itself.

Elad Erez, chief innovation officer of Imperva, said that despite the growing popularity of cloud-based platforms, the news is worrying.

"Many times, organizations ignore database security because they rely on native security products or outdated processes. Given that nearly 50% of on-prem databases are vulnerable, the number of data breaches reported in the future is likely to continue to increase. The importance will also increase."

Considering that most organizations continue to store their most sensitive data locally, this can lead to financial loss, reputation damage, and regulatory penalties. Therefore, it is important to differentiate the method of data protection.

Faced with the "explosive growth" of data breaches, companies have not invested enough time or resources to truly protect their data. Therefore, establishing a security strategy centered on data protection has become the key to solving this situation.

Establish a security strategy centered on data protection

Solving a security problem of this scale is a huge challenge for every enterprise. In this regard, Imperva also gave some suggestions: companies should understand that endpoint and application patches and security tools are important, but not enough to significantly reduce the risk of data leakage. Maintaining a patch management program is the way to solve this problem, especially for data-centric assets. The focus is on using data security solutions to protect the data itself.

Imperva stated that every security team can follow 5 main steps to enhance the security of its on-prem database:

1. Discover and classify data: Organizations tend to think they know where all their data repositories are and what kind of data they hold. Automate this process so that there are no blind spots or assumptions about where sensitive data resides.

2. Assess and patch vulnerabilities: You need to verify that you are running the database with the latest security patches.

3. Review visibility and protect against damage: Know who is accessing the data, when, where, and what data they accessed. Enable policies designed to prevent database attacks, or create custom policies to reduce access.

4. Perform regular assessments: The database will change, and so will its configuration. Make sure you understand how they change and whether your database administrator (DBA) has configured them incorrectly or simply has not implemented best practices.

5. Identify data access anomalies: Databases are heavily accessed resources, and it is almost impossible to identify anomalies manually. Deploy anomaly detection tools to detect when application users of the database begin to behave like humans, or when DBA access looks like an instance of data misuse or leakage.
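As an illustration of step 5, the following added example (not from Imperva's report or from this article) profiles each database account from baseline audit records and flags later activity where an application account deviates from its learned clients, hosts, or statement shapes. The record layout, account names, client names, and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed audit records: (account, client program, source host, SQL text).
BASELINE = [
    ("svc_orders", "orders-api", "10.0.1.5", "SELECT id, total FROM orders WHERE id = 1041"),
    ("svc_orders", "orders-api", "10.0.1.5", "SELECT id, total FROM orders WHERE id = 77"),
    ("svc_orders", "orders-api", "10.0.1.6", "UPDATE orders SET status = 'paid' WHERE id = 9"),
]
OBSERVED = [
    ("svc_orders", "orders-api", "10.0.1.6", "SELECT id, total FROM orders WHERE id = 5150"),
    ("svc_orders", "sqlcli", "10.0.9.23", "SELECT * FROM customers"),
    ("svc_orders", "orders-api", "10.0.1.5", "SELECT card_number FROM payments WHERE id = 3"),
]

def fingerprint(sql):
    """Reduce a statement to its shape by replacing literals with '?'."""
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)      # quoted strings
    sql = re.sub(r"\b\d+(?:\.\d+)?\b", "?", sql)   # numeric literals
    return re.sub(r"\s+", " ", sql).strip().lower()

def build_profile(records):
    """Per account: the clients, hosts and statement shapes seen in the baseline."""
    profile = defaultdict(lambda: {"client": set(), "host": set(), "shape": set()})
    for account, client, host, sql in records:
        p = profile[account]
        p["client"].add(client)
        p["host"].add(host)
        p["shape"].add(fingerprint(sql))
    return profile

def find_anomalies(profile, records):
    """Return (record index, account, sorted list of deviating attributes)."""
    findings = []
    for i, (account, client, host, sql) in enumerate(records):
        if account not in profile:
            findings.append((i, account, ["account"]))
            continue
        p = profile[account]
        seen = {"client": client, "host": host, "shape": fingerprint(sql)}
        reasons = sorted(k for k, v in seen.items() if v not in p[k])
        if reasons:
            findings.append((i, account, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(build_profile(BASELINE), OBSERVED):
        print(finding)
```

The second observed record is the "application user behaving like a human" case: the same service account, but from an interactive client on an unfamiliar host running an ad-hoc query. The third shows a known client and host issuing a statement shape the application has never used.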

When we talk about security, we must start with the data itself. If the data is not secure, a vulnerable web application or database will become an attack path. Therefore, the focus must be on gaining full visibility into all data, no matter where it is located, and on knowing who is accessing the data and from where.

In addition, security also involves a unified approach in which data and all its paths are protected in a cohesive manner. Independent data and application security lack context to interrupt multi-vector attacks. Each defense layer must work together to protect critical data.

Written at the end:

Today, when the number of data breaches is increasing at an alarming rate of 30% per year, it is indeed surprising that the number of database vulnerabilities worldwide is so high. Imperva's research report also gives global companies a "wake-up" call: data security issues need to be taken seriously, and there is "a long way to go."


MissD