Data breaches in business networks are on the rise, and the numbers will probably continue to rise due to the increasing focus by consumers, regulatory bodies and governments. Industry analyst Forrester Research calculates the direct costs of a database breach for nonfinancial companies at $15 per customer, covering customer notification and offers of credit monitoring services, IT remediation, revenue impacts from lost customers, and direct legal and audit fees. For a financial firm that issues credit cards, Forrester adds another $35 per customer, for a total of $50. Calculating total costs per incident, IT security specialist Ponemon Institute LLC estimates that each security breach incident costs $14 million. Overall, analysts estimate 2006 impacts of database breaches in 2006 at about $1 billion.
While data breaches are very costly in financial terms, they also come at a price to the business’ reputation and customer confidence. According to a recent IT Policy Compliance Group report, business losses can be significant if the breach is reported. Benchmarks show businesses experiencing a publicly reported data loss expect to see an eight percent decline in customers and revenue, an eight percent decline in the price per share for publicly traded firms, and additional expenses averaging $100 per lost customer record for firms that publicly disclose data losses and thefts.
There are four categories that cover ways that data can become breached:
- Accidental Exposure: Information leaked via error
- Dishonest Insider: Abuse of employee privileges
- Stolen Computer: Employee reporting computer missing
- Hacking: Gaining unauthorized access
Database breaches differ in several ways from hacker attacks, viruses, worms, spam, phishing and other types of threats. Focused on information rather than infrastructure, attempts to compromise database defenses are often motivated by financial gain rather than attention. Due to the lucrative possibilities, the sophistication of database attacks is rising. Professional criminals, not amateurs, are staging the attacks, and the severity of the impact is rising.
Just as there are new attackers, there are new patterns of attack. External hacking, accidental exposure, lost or stolen backup tapes, and lost or stolen computers are still significant sources of data leakage. But database attacks are often launched with the active participation of authorized insiders who access critical data by:
- Hacking application servers: Gaining access through an application, circumventing infrastructure-based defenses.
- SQL injection: Done by injecting SQL commands into otherwise innocuous fields, compromising database security from outside corporate networks.
- Abusing privileges: An employee who abuses their data access privileges.
There are some tried and true security solutions that help protect databases. These include:
- Role-based access controls to narrow down who can access what information in the database.
- Encryption on the network to protect against eavesdroppers, and field encryption in case the database server is physically stolen or broken into.
- A host-based IDS to help protect against a malicious attack on the database server OS.
- A network-based IDS to help protect against a malicious attack on the network.
These techniques help harden the database environment – but the database is still vulnerable to the insider attack. Who do you trust on the inside, and how do you monitor those that you trust?
Symantec Database Security offers new solutions designed to help your small business protect its most critical data from loss, leakage, and data fraud by:
- Providing real-time detection of leakage of sensitive company information.
- Analyzing behavior against established policies and access history to identify anomalous behavior, even by authorized users.
- Meeting audit requirements by logging all data flowing into or out of the database—adding no overhead—and storing the data to a secure repository.
- Improving control of information assets.
- Enhancing the coordination between business and IT groups.
Data breaches are becoming a high-profile element of the threat environment. Most data-centers are too complex and porous to protect critical information. That’s why a data-centric approach is called for—one that examines all transmission of information for critical patterns, without compromising database, application, or network performance. Symantec Database Security reduces risk without interrupting normal operations – which can mean a huge savings for your business.