How to prevent a database attack from happening on your network

 In Cyber Security Articles

Database attacks are a threat to every business, organisation and even individual.

The security of your computer and entire IT network needs to be watertight. However, even a robust cybersecurity policy may not be enough to prevent a database attack from happening. This is especially the case when a study has found that a database attack is attempted by a hacker every 39 seconds.

Database attacks are a threat to every business, organisation and even individual. Research has shown that over six billion records were exposed in publicly-disclosed data breaches in the first half of last year – that’s more than throughout 2016.

We should all know the basics of how to ensure company technology is not the victim of a database attack. But, there are a series of safeguards you can put in place to minimise that risk. Here’s our advice on extra considerations to help prevent a database attack, on top of your existing firewalls and anti-virus software.

SQL injection attacks

An SQL injection is a particular type of database attack which allows a hacker to clone or interfere with data, cause problems such as voiding transactions or even disclose, destroy or lock owners out of their own database server. They are common – in 2008, the number of SQL injection attacks leapt by 134% to hundreds of thousands happening every day. It was this method which led to a denial of service at Talk Talk in 2015 and fears that customer data, including payment details, had landed in the hands of hackers. Even three years ago, it was a well known type of database attack with security analysts surprised that a large company could have fallen foul to an SQL injection. A strong firewall and good database attack prevention housekeeping can help. However, there are also specific tools which can help prevent this type of popular attack from happening.

Use and abuse of privileges

Throughout your organisation, it is likely that different employees, teams and departments will have access to different types and levels of information and data.  Someone carrying out a database attack could take advantage of a flaw in database management software to change low-level access to high-level access, giving unrestricted privileges to cybercriminals.  

Research has shown that unauthorised access to a database through default or shared credentials account for 53% of database attacks. This is not just through traditional hackers but also by accident or otherwise by employees or as a result of issues including identity theft or industrial espionage. Therefore, a good rule of thumb is to underestimate what level of access to information your staff will need. This can always be increased if there is a strong business case to do so. But, err on the side of caution to help prevent a database attack from happening.

Patch management

This is a bit of a no-brainer when it comes to how to prevent a database attack from taking place. Patch management operating systems are definitely going to keep some threats at bay. It will highlight any holes or vulnerabilities in your network so they can be repaired before they leave you exposed to a database attack. However, relying on auto-updates is not enough to truly protect your network. Ensure you know your network like the back of your hand. Make sure your protection covers all operating systems, both inside the office and outside for remote workers. Regularly carry out patch management, or ask your IT support team to monitor this as a matter of daily course.

Don’t neglect the basics

On top of this level of database attack prevention, make sure the everyday ways to mitigate risk are not neglected. With database attacks happening so regularly to companies of all sizes, no-one can afford to be too careful. Change your passwords regularly. Update firewall software whenever possible. Backup everything on site and remotely. Think about your database configuration and vulnerabilities. Encrypt your data.

Not all organisations can take care of their IT in-house, including database attack prevention. This is where an outsourced IT department, such as the team here at Link IT, can help. We can get your network protected and ensure it is regularly and proactively safeguarded with updates, patch management and filtering.

Contact us to find out more.

Start typing and press Enter to search

Companies need to consider both GDPR and cyber security and how they can work together for them on a practical level. Click to find out more information on our blog.There are ways to keep yourself safe on social media. They are also far less drastic than no longer using the platform of your choice. Here’s our advice on how to ensure you bring together social media and cyber security as an individual, an employer or a business.