SQL injection main database security concern among SMBs

GreenSQL surveyed more than six thousand GreenSQL SMB users – IT administrators, DBAs, data security professionals and consultants – about their most critical database security concerns.

Respondents’ primary concerns were:

  • 51%: SQL injection attacks from internal and external users
  • 31%: Internal threats, including unauthorized database access, database administrator errors, and data exposure to non-privileged internal users
  • 18%: Regulatory compliance.

“In today’s environment, it isn’t a matter of whether you will be hacked, but when. Cybercriminals recognize that not only enterprises but also SMBs are especially vulnerable,” said GreenSQL CEO, Amir Sadeh. “Databases contain the crown jewels of an organization, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits, and customer attrition.

“Many companies think they can’t afford complete data security protection,” he continued, “but GreenSQL offers four different packages to accommodate any budget. More than 100,000 SMBs in over 190 countries have chosen GreenSQL database security technology to protect their data from the entire threat spectrum because it is simple to install, easy to use and maintain – and effective.”

Cybercriminals use SQL injection to target both external websites and internal databases when seeking data for identity theft and other profitable black market activities.

Public websites serving as the face of an organization are known to be vulnerable to SQL injection attacks but so are internal collaborative sites as shown by the recent assault on the internal Nokia developer application.

Internal data security leaks, a concern of 31% of GreenSQL users surveyed, let corporate data get into the wrong hands. While developers, administrators, and customer service representatives all need data access, they should have different access privileges. In addition, true data protection covers threats from both employee theft and error.

Coordinating database access control and command permissions can significantly reduce data loss from errors while lowering the cost to repair any that remain.

Compliance ranks third in the survey as a top security concern. Lack of compliance with Sarbanes Oxley, PCI DSS, HIPPA, or other regulations can result in significant legal fees, negatively impinge on a company’s ability to do business, and reduce client and customer trust.

Don't miss