Database Security in a Dynamic IT World

Database Security in a Dynamic IT World

Databases are under attack. Public statements by Target, Home Depot, and Anthem following their highly publicized data breaches are both uniform and succinct on how their breaches unfolded: unauthorized access to IT systems that ultimately led to extraction of sensitive information.2 Excerpts from Home Depot’s and Anthem’s statements serve to illustrate:

Home Depot – Criminals used a third-party vendor’s user name and password to enter the perimeter of Home Depot’s network. These stolen credentials alone did not provide direct access to the company’s point-of-sale devices. The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada. In addition to the previously disclosed payment card data, separate files containing approximately 53 million email addresses were also taken during the breach.

Anthem – These attackers gained unauthorized access to Anthem’s Information Technology (IT) system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/Social Security numbers, street addresses, email addresses and employment information, including income data.

Data breach costs are mounting. Although the impact of data breaches on brand and business is difficult to segregate from other influences, what is clear is that there are tangible expenses that the breached companies incur; for example, in their good faith efforts to protect affected individuals from further damage with free credit monitoring and identity protection services. Also, class-action lawsuits represent another expense. Target, for example, received preliminary approval on a $ million settlement related to its 2013 breach; a token amount relative to $ million, primarily in legal fees, the company reportedly spent in 2014.3 There are also forensics investigations to conduct, usually through a third party, and changes in technologies and processes to ward off a breach reoccurrence.

  • Introduction1
  • Database Security's Four Primary Requirements
    • Discovery and Classification
    • Vulnerability Assessment
    • Database Activity Monitoring
    • Protection
  • The Last Word

Download our eBook: How to Succeed Using Market Research

Learn how to effectively navigate the market research process to help guide your organization on the journey to success.

Download eBook