Global Databases Riddled with an Average of 26 Vulnerabilities

Nearly half (46%) of the world’s on-premises databases contain known vulnerabilities — most of which are high or critical severity, according to a new five-year study from Imperva.





The security vendor scanned 27,000 databases globally over five years and discovered that they contained 26 vulnerabilities each on average. Some 56% of these were ranked in the top two severity categories, meaning they could lead to serious compromise if exploited.





Some CVEs have not been addressed for several years, Imperva claimed.



Despite the growing popularity of cloud-based platforms, the news is concerning, as most organizations continue to store their most sensitive data on-premises, according to Elad Erez, chief innovation officer at Imperva.





“While organizations stress publicly how much they invest in security, our extensive research shows that most are failing,” he added.





“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Given that nearly one out of two on-prem databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will increase too.”





A standard route to compromising non-publicly accessible databases is via web application vulnerabilities such as SQLi, or via phishing and malware designed to give attackers a foothold in networks.





Compromising public databases is even easier, with attackers able to scan for exposed targets via tools like Shodan before deploying exploit code, Imperva warned.





“Attackers now have access to a variety of tools that equip ..
