Nearly 50% of On-Premises Databases Have Unpatched Vulnerabilities

A five-year longitudinal study conducted by cybersecurity firm Imperva revealed that nearly half of on-premises databases globally contain at least one flaw that could expose them to cyber-attacks.

Researchers scanned roughly 27,000 databases and found that 46% contained vulnerabilities, at an average of 26 vulnerabilities per database. Unfortunately, 56% of those vulnerabilities were ranked as ‘critical or high severity’, and some of them have gone unaddressed for three or more years. This suggests that many organizations are not prioritizing the security of their data and are neglecting routine patching exercises.

“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data,” said Elad Erez, Imperva's Chief Innovation Officer. 

A regional analysis of the data shows that France tops the list, with 84% of databases containing at least one flaw, at an average of 72 vulnerabilities per database. France is followed by Australia (65%, 20 vulnerabilities on average), Singapore (64%, 62 security flaws per database), the UK (61%, 37 vulnerabilities on average), China (52%, 74 flaws per database), and Japan (50%). In the United States, 37% of databases have at least one vulnerability that could expose them to attacks, with an average of 25 issues per database.

Given the number of security holes that exist in on-premises databases, it should come as no surprise that the number of data breach incidents has increased 15% over a 12-month average. An analysis of data breaches since 2017 shows that 74% of the data stolen in a breach is personal data, while login credentials (15%) and credit card details (10%) are also lucrative targets. 

“Organizations are making it too easy for the bad guys. Attackers now have access to a variety of tools that equip them with the ability to take over an entire database, or use a foothold into the database to move laterally throughout a network. The explosive growth in data breaches is evidence that organizations are not investing enough time or resources to truly secure their data. The answer is to build a security strategy that puts the protection of data at the center of everything,” Erez added.