Predicting the Unknown Part 1: Managing Emerging Database Threats
Chuck Farman | | December 19, 2019
Especially in tech, the only true constant is change. Evolving technologies – good and bad – introduce new features to old database programming every day. Most of these changes are amazing, but some can be both criminal and costly. Oracle looked into the future to anticipate emerging database dangers and developed the tools you will need to avoid them in your database management practices.
The Costs of Database Breaches Continue to Rise
If your company hasn’t safely protected its data from the wide variety of today’s cyber threats, then it is at risk of incurring significant costs in the form of damages and repairs when breaches and failures occur. Statistics reveal that, by the end of 2018, the ‘real’ expense of failing to protect vital corporate information was in the millions of dollars per company, and in the trillions of dollars globally. One notable example: that year, utility company Pacific Gas & Electric was fined $2.7 million for inadvertently sharing 30,000 pieces of ‘confidential information’ with an unsecured third-party contractor. A subset of that private data was available for discovery online through the third-party website, with no password or User ID needed.
Further, that $2.7 million is just a fraction of the trillions of dollars of cyber crime costs incurred by companies that fail to protect their enterprise data or the databases in which they store it. And statistics suggest those threats and their related costs will continue to rise. By the year 2021:
- The aggregate cost to global industries is expected to top $6 trillion.
- Businesses will have spent upwards of $1 trillion on cyber security.
- Despite that spend, unfunded and unfilled cyber security jobs are expected to reach 3.5 million. That gap will leave countless companies without the internal resources they need to keep their information safe.
So what are the primary cyber security concerns for today’s executives? Not knowing where those emerging threats will come from, nor what to do about them when they hit the corporate servers.
Three Major Concerns for 2020 and Beyond
Analysts suggest several weaknesses in today’s database programming leave it vulnerable to exploitation, and three of those exist in almost every organization:
Inappropriate cloud database configurations
Earlier this year, white-hat researchers found cloud database that had no known owner, no discernable purpose, and – most troubling – no security programming. Its information vault exposed the confidential data of more than 80 million Americans to anyone with an internet connection. While certainly an anomaly, the discovery underscores the importance of knowing where your data lives, who’s configuring those databases, and who’s in charge of keeping it all safe.
Knowing who has access to your corporate data is also a critical component of database security. Most companies have policies and protocols about who can access which elements of the base and why, but many fail to have systems in place to detect when those rules aren’t followed. In a recent Google study, 1.5% of all login information was found to be vulnerable to a hack, as people default to simple or repetitive passwords that are easy to guess. Once thieves identify one password, they can mine through the rest of that person’s web presence to discover other assets ‘hidden’ behind that same failed wall.
No Identified Security Strategy
Another challenge: failing to have a strategic security plan in place. In many cases, companies add security systems and their vendors incrementally over time, as those needs become apparent. Those multiple vendors, however, can also complicate the overall security system, with each overseeing just their aspect of the overall security system, but none monitoring the system as a whole. And the number of known vulnerabilities is growing; one study revealed over 5,500 vulnerabilities were disclosed in Q1 2019, the most ever reported in a single three-month period. Experts suggest sticking with one security vendor for all your enterprise security needs and being sure to comply with all their updates and recommendations.
Oracle 19c Database Responds to Database Threats
Fortunately, Oracle is already in front of the database security concern, as is clearly demonstrated by the newly released Oracle Database 19c. Building on its strong legacy foundations, the revised database administration programming covers all corporate bases to ensure comprehensive database security across all organizational sectors. Further, note that extended support for Oracle 11.2 ends in December 2020, and Oracle 19c is designed to provide the tools your enterprise needs to protect against known and emerging vulnerabilities up to and beyond that date.
Contact Datavail’s Oracle 19c experts to ensure your enterprise is safe despite ongoing evolving changes in database security threats.
Read This Next
Oracle has announced that December 2020 is the date that extended support ends. Customers relying on 11.2 for their database needs need to be thinking of next steps in the case of total database failure.
Subscribe to Our Blog
Never miss a post! Stay up to date with the latest database, application and analytics tips and news. Delivered in a handy bi-weekly update straight to your inbox. You can unsubscribe at any time.
The “ORA-12154: TNS:could not resolve the connect identifier specified” Oracle error is a commonly seen message for database administrators.
Which RAID should you use with SQL Server? Learn the differences between RAID 0, RAID 1, RAID 5, and RAID 10, along with best practices.