Imperva Research Labs released the findings of new threat-intelligence research, indicating that 46 percent of on-premise databases, worldwide, are vulnerable to attack, with the average database containing 26 existing vulnerabilities.
This data, which seemingly points to the need for increased reliance on cloud-based and other remote services that can be automatically updated by the provider, indicated that 56 percent of common vulnerabilities and exposures (CVEs) were listed as “High” or “Critical” in terms of severity. Labels are based on the National Institute of Standards and Technology (NIST). This statistic, Imperva noted, is indicative that “many organizations are not prioritizing the security of their data and neglecting routine patching exercises.” Some vulnerabilities, it was also revealed, have gone unaddressed for “three or more years.”
In terms of geographic disparity, countries such as France (84 percent), Australia (65 percent) and Singapore (64 percent) reported higher instances of insecure databases, with data leakage incidents increasing 15 percent Y2Y. The U.S., coincidentally, ranked seventh at 37 percent.
“While organizations stress publicly how much they invest in security, our extensive research shows that most are failing,” says Imperva CIO, Elad Erez. “Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data. Given that nearly one out of two on-prem databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will grow too.”
The study was conducted over a five-year period and examined 27,000 databases.