Data Breach Pulse Check: On-Premises Database Security

A recent industry study analyzed 27,000 on-premises databases around the world, with surprising results. In too many cases, on-premises database security is weak. The good news is that you can manage risk to reduce the chances of a data breach.

Nearly half (46%) of internal data assets in the study had at least one unpatched Common Vulnerability and Exposure (CVE). The average database contained 26 vulnerabilities. Of these, 56% were rated as “high” or “critical,” according to National Institute of Standards and Technology (NIST) guidelines.

These openings attract cybercriminals like bees to honey. They leave the door wide open to attacks and the high cost of a data breach. Today, many information security managers are looking for improved IT infrastructure strategies to reduce on-premises risk.

Lessons learned from Microsoft’s data breach response

In March 2021, Microsoft announced that it had been the victim of a state-sponsored cyberattack by the Chinese group Hafnium. The exploit affected more than 30,000 groups across the United States, including local governments, agencies, and businesses.

During the Microsoft breach, threat actors used zero-day attack techniques. This allowed them to pull data from hundreds of thousands of on-premises servers running Microsoft’s Exchange software.

Hafnium broke into on-premises servers with a mix of stolen passwords and previously unknown vulnerabilities. The attackers then planted web shells on the compromised servers, giving them persistent access to exfiltrate email data.

The Hafnium attack exploited unknown vulnerabilities in Microsoft software. Since then, Microsoft has released patches to correct these exposures. However, any business or agency remains at risk if it continues to run unpatched Exchange software.

Database security exploits

Threat actors can easily discover vulnerable on-premises databases with public tools such as Shodan, which indexes internet-exposed services, and Exploit Database (Exploit-DB), a public archive of exploits and proof-of-concept code. Exploit-DB exists to help IT teams understand what weaknesses might be hidden in their databases. But such tools are a double-edged sword: criminals can use the same resources to locate open doors.

Threat actors can search ExploitDB and find the proof-of-concept code required to launch attacks. From privilege escalation to bypassing authentication to remote code execution, intruders can steal data or roam a compromised network.

Risk reduction goes beyond simply finding and fixing CVEs. It requires a more comprehensive understanding of your infrastructure and the risks that come with it. A solid refresh plan helps achieve a more robust, long-term defense.

Don’t procrastinate — Plan for a data breach

Some companies have left vulnerabilities unaddressed for far too long. And they know it. Forrester surveyed 350 global enterprise IT decision makers in infrastructure, application management or maintenance, and software development.

The survey found that 61% of companies have delayed infrastructure renewal several times or more over the past five years. Why does this happen? In many cases, the refresh kept moving to the back of the to-do list. If you put a system in place and schedule refreshes, they are more likely to happen. If you wait for your teams to find the time, the refresh may never happen at all.

What is the risk? Millions of your customers’ personally identifiable information (PII) records could end up for sale on the darknet. Or, threat actors may demand a high ransom to decrypt critical files. Additionally, regulators are tightening rules around vulnerabilities and incident reporting. For example, GDPR “Privacy by Design” means you need to build database security in from the start. A known, unaddressed on-premises vulnerability is therefore at odds with privacy by design.

Is the cloud secure enough?

When you try to promote an investment in IT infrastructure security, you get a lot of pushback. Today’s business landscape includes a mix of public cloud, private cloud, and on-premises infrastructure providers. Some say the cloud is cheap, easy, and secure. But is it true?

According to the Forrester report, 46% of IT managers believe that the public cloud does not meet their data security needs. Additionally, 85% of IT leaders agreed to make on-premises infrastructure a critical part of their hybrid cloud strategy. Their reasons likely stem from reports like these:

These statistics reveal that avoiding database risks is critical to business growth. It’s critical to protect customer data and high-value workloads in the data center and beyond. Otherwise, business owners risk losing hard-earned customer trust and loyalty.

The on-site business case

In the Forrester report, the top reasons for using on-premises resources for certain workloads and applications were:

  • Better compliance assurance (45%)
  • Mitigate data-in-transit security vulnerability (44%)
  • Improved application/infrastructure performance (43%)
  • Cost reduction (42%).

This dispels any notion that the data center is just another cost center. Instead, modern business success continues to rely on on-premises resources.

To optimize performance and productivity, enterprises leverage on-premises infrastructure for 48% of mission-critical and data-intensive workloads. That’s why 75% of IT leaders plan to increase their investments in IT infrastructure outside of the public cloud within two years.

Minimize on-premises database vulnerabilities

For on-premises vulnerabilities, how do you mitigate the risk? A big part of the battle is your mindset. It is essential to make updating the infrastructure a top priority, and to establish a clear and detailed infrastructure strategy. The plan should commit to on-premises workloads and treat known security issues as the primary driver for refresh decisions.
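The study quoted at the top of this article reports its findings in three numbers: the share of assets with at least one unpatched CVE, the average number of vulnerabilities per database, and the share rated high or critical under NIST guidelines. The following is an added example, not code from the article or from the study's authors, showing how a defender can compute the same three numbers for their own estate and turn the backlog into a worst-first work queue. It applies the NIST NVD CVSS v3 qualitative severity bands (9.0 and above critical, 7.0 to 8.9 high, 4.0 to 6.9 medium, 0.1 to 3.9 low), and it routes findings on an out-of-support engine to a "refresh" action rather than a "patch" action, since no vendor fix will arrive for those. The inventory, database names and CVE identifiers are constructed placeholders.

```python
"""Triage of an on-premises database patch backlog (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, List

# NIST NVD qualitative severity bands for CVSS v3.x base scores: (lower bound, label).
SEVERITY_BANDS = ((9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low"))


def cvss_severity(score: float) -> str:
    """Map a CVSS v3 base score to its NVD qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "none"


@dataclass
class Finding:
    cve_id: str    # identifier as reported by the scanner (placeholder values below)
    cvss: float    # CVSS v3 base score
    patched: bool  # True once the vendor fix is installed and verified


@dataclass
class Database:
    name: str
    engine: str
    vendor_supported: bool                    # False when the engine version is end-of-life
    findings: List[Finding] = field(default_factory=list)

    def unpatched(self) -> List[Finding]:
        return [f for f in self.findings if not f.patched]


def exposure_summary(dbs: List[Database]) -> Dict[str, float]:
    """The three metrics the study reports: share of assets with at least one
    unpatched CVE, average unpatched CVEs per database, and the share of
    unpatched CVEs rated high or critical."""
    open_findings = [f for db in dbs for f in db.unpatched()]
    assets_with_open = sum(1 for db in dbs if db.unpatched())
    severe = sum(1 for f in open_findings if cvss_severity(f.cvss) in ("high", "critical"))
    return {
        "assets_with_unpatched_pct": round(100.0 * assets_with_open / len(dbs), 1),
        "avg_unpatched_per_db": round(len(open_findings) / len(dbs), 2),
        "high_or_critical_pct": round(100.0 * severe / len(open_findings), 1) if open_findings else 0.0,
    }


def work_queue(dbs: List[Database]) -> List[Dict[str, object]]:
    """Unpatched findings ordered worst-first. A finding on an unsupported
    engine gets the action 'refresh' because no patch will ship for it."""
    rows = []
    for db in dbs:
        for f in db.unpatched():
            rows.append({
                "database": db.name,
                "cve": f.cve_id,
                "cvss": f.cvss,
                "severity": cvss_severity(f.cvss),
                "action": "patch" if db.vendor_supported else "refresh",
            })
    # Highest score first; within a tie, refresh work first since it takes longest to deliver.
    rows.sort(key=lambda r: (-r["cvss"], r["action"] != "refresh", r["database"]))
    return rows


# Constructed inventory. CVE identifiers are placeholders, not real advisories.
INVENTORY = [
    Database("db-orders", "PostgreSQL (supported version)", True, [
        Finding("CVE-EXAMPLE-0001", 9.8, patched=False),
        Finding("CVE-EXAMPLE-0002", 7.5, patched=False),
        Finding("CVE-EXAMPLE-0003", 5.3, patched=True),
    ]),
    Database("db-hr", "SQL Server (end-of-life version)", False, [
        Finding("CVE-EXAMPLE-0004", 8.1, patched=False),
        Finding("CVE-EXAMPLE-0005", 3.1, patched=False),
    ]),
    Database("db-archive", "MySQL (supported version)", True, [
        Finding("CVE-EXAMPLE-0006", 6.5, patched=True),
    ]),
]

if __name__ == "__main__":
    print(exposure_summary(INVENTORY))
    for row in work_queue(INVENTORY):
        print(f"{row['severity']:>8} {row['cvss']:4} {row['database']:<11} {row['cve']} -> {row['action']}")
```

On the constructed inventory, two of three databases carry an open CVE (66.7%), there are 1.33 open CVEs per database, and 75% of the open findings are high or critical. The queue leads with the 9.8 on db-orders, then the 8.1 on db-hr, which is flagged "refresh" rather than "patch": that is the situation the refresh plan in this section is meant to prevent, an asset whose only remediation is replacing the platform.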

Another key tactic is to adopt effective defensive methods, such as pervasive encryption and identity and access management (IAM). Pervasive encryption operates at the database, dataset, or disk level, so customers don’t need to modify or tune applications. Meanwhile, modern IAM platforms can apply machine learning and AI to signals such as user, device, activity, context, and behavior to decide whether or not to grant access.

Remember that IT performance is critical because it can directly impact customer experience, brand reputation, and overall costs. Organizations that struggle to keep up with refresh plans can choose to take advantage of subscription-based infrastructure refresh options.

The worst thing you can do is ignore the risk. Instead, develop a solid action plan to secure your on-premises assets to protect business growth.

Maria H. Underwood