Here’s the problem with securing on-premise databases

When it comes to data, businesses today want to have them stored either on-premise or in the cloud. Companies dealing with sensitive data would likely analyze and store them on-premises. While some may use the flexibilities of the cloud to run workloads on their data, technology has enabled data kept on-premise to also reap the same benefits of the cloud.

Security and regulatory requirements are the reasons why certain organizations can only work on their data on-premise. Despite the added security layers that a cloud database can provide, organizations might feel the risk is just too high.

However, a recent threat intelligence report by Imperva showed that nearly half of all on-premise databases are vulnerable to cyberattacks. Imperva Research Labs conducted a five-year longitudinal study, compromising 27,000 scanned databases, and discovered that the average database contains 26 existing vulnerabilities.

Out of these vulnerabilities, more than half of the common vulnerabilities and exposures found are ranked as high and critical severity, aligned with guidelines from the National Insitute of Standards and Technology. Not only does this indicate that organizations are not prioritizing the security of their data, but they are also neglecting routine patching exercises — with some vulnerabilities and exposures going unaddressed for three or more years.

According to Imperva Chief Innovation Officer Elad Erez, while organizations stress publicly how much they invest in security, Imperva’s extensive research shows that most are failing.

“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data,” said Erez. “Given that nearly one out of two on-prem databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will grow too.”

Countries with riskiest databases on-premise

Imperva’s regional analysis showed significant disparities between nations. France was the highest with 84% of databases with at least one known vulnerability and an average of 72 vulnerabilities per database. This was followed by Australia (65%) and Singapore (64%). The UK came in fourth, with over half (61%) of its databases having at least one known vulnerability.

Given the strictness of the GDPR and the UK’s data privacy protection regulations, it is rather surprising to find both these countries having high figures of vulnerable databases. Any breach of these databases could lead to serious repercussions for the organizations involved.

However, for countries such as Germany and Mexico, while the number of insecure databases is relatively low, those that are exposed are well above the average when it comes to the number of vulnerabilities capable of exploitation. For example, only 19% of Germany’s databases have at least one vulnerability, but research also shows that each of those databases could have about 70 vulnerabilities.

An invitation for cybercriminals

There is no denying that such vulnerabilities for on-premises databases will only offer cyber attackers a vast landscape of opportunity. With data breaches growing annually by 30% and the number of records compromised increasing by an average of 224%, organizations need to fix the vulnerabilities on their on-premises databases as soon as they can.

Be it public or private databases, there is a wide range of tools cybercriminals can use to exploit the vulnerabilities. For example, cybercriminals can use SQL injections to exploit vulnerabilities in web applications that are connected to non-publicly accessible databases. They may also use phishing tactics and malware to gain a foothold in the internal network before moving laterally to the vulnerable database.

Meanwhile, public databases face a greater threat. Not only does it require less effort, but attackers can also search for vulnerable targets using tools such as Shodan and acquire exploit code through repositories like ExploitDB which holds hundreds of points of compromise (POC) codes. From there, the attacker can run the exploit from anywhere since the database has a public IP address.

As Erez puts it, organizations are only making it too easy for the bad guys. With a variety of tools available today to cybercriminals, data breaches will only continue to increase. “The explosive growth in data breaches is evidence that organizations are not investing enough time or resources to truly secure their data. The answer is to build a security strategy that puts the protection of data at the center of everything,” he explained.

Data kept on-premise is still seemingly the safer way to keep secure data protected — but the process may be pointless if the database is not well secured. Updating database patches and checking for vulnerabilities are the simplest data protection measures organizations can do. At the end of the day, if they do not take their on-premise data security seriously, they are only leaving the door unlocked for cybercriminals.