Why Major Data Breaches Will Continue in 2019

Confidential Database Data is at Risk to Data Theft by Hackers

by Randy Reiter, CEO, SQL Power Tools

Landscape: There has been a multitude of data breaches where hackers or rogue insiders have stolen confidential data over the past five years. In 2017, more than 1,500 data breaches were reported. Equifax had the personal information stolen for 148 million customers in 2017. Most recently Marriott had the personal information exposed for up to 500 million people in 2018. Many other organizations have recently been hacked including LinkedIn, Anthem, Yahoo, British Airways, Target, and Uber. In some instances, hackers were active over several months once inside the network. IBM’s 2018 Cost of Data Breach study noted that companies took 197 days on average to identify a data breach and 69 days to contain it. The financial impact on businesses is significant. According to IBM, the average cost of a  US  data breach in 2018 was $7.9 million with fines dwarfing initial costs. As an example, Uber paid a $148 million dollar settlement in 2018 for concealing a 2016 data breach. Executive leadership is also focused on the risks presented by cybersecurity weaknesses. A CEO of a large US bank recently stated that the three things that could destroy his bank overnight were data breaches, meteors, and nuclear weapons. In 2018, a US Senator proposed jailing execs for data breaches. Corporate boards are becoming increasingly involved as Gartner notes that by 2020 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually, up from 40% today.

Risks: Data has become increasingly important as currency for each company; it is critical to their day to day operations. This currency is stored in relational database systems such as DB2, Informix, Microsoft SQL Server, MySQL, PostgreSQL, Oracle, and Sybase. This data has become increasingly at risk for three key reasons:

• the security industry is largely focused on network-based security rather than on protecting the data stored within databases, 2) the movement of companies’ infrastructure to Cloud, which creates a greater chance of data exposure to the public internet and 3) the mistakes of non- malicious employees who Forrester research recently determined are responsible for 36% of all security

Current security software does not properly protect against the theft of confidential database data once the security perimeter has been penetrated. Once a rogue insider or hacker is inside the network, the theft of confidential database data is straightforward. Readily available vendor and public domain database utilities allow database data to be easily queried by hackers using a simple SQL database query. An important solution to these types of security lapses is security software capable of detecting and stopping the theft of confidential database data from the inside out. Background. SQL Power Tools has monitored the end-user response time of 10,000+ databases over the past several years using non-  intrusive network sniffing technology. We have monitored everything from high volume online sports betting databases processing 15,000 SQL requests/sec to very large database servers having 64 CPUs servicing 20,000 concurrent online users. The usage of non-intrusive network sniffing has the advantage of having no impact on the database server plus allows for 100% of the database SQL query activity to be captured 7×24 for analysis. What we have continually found over the years is that database activity is very predictable. Databases typically process a pattern of 2,000 to 20,000 SQL queries/requests that run millions of times a day. The key to detecting an intruder or possible data exfiltration from the inside is looking for abnormalities in these SQL queries. What is needed. Security software that non- intrusively monitors the real-time database SQL activity using non-intrusive network sniffing and learns what the normal SQL activity is. Applying Advanced SQL  Behavioral Analysis to the known SQL activity allows rogue SQL queries to be detected and shut down in a few seconds. This type of security software can be inexpensively run from a network tap or proxy server so that there is no impact upon production servers. Consider the following SQL query of customer information. SELECT NAME, ADDRESS, PHONE_NO,  SOCIAL_SECURITY_ NO, CREDIT_CARD_NO FROM CUSTOMERS. It would be a very, very rare application that would query the entire CUSTOMERS table containing tens of millions of customers, yet most security software would be unaware that this differs from another more typical query.

The Advanced SQL Behavioral Analysis of the SQL query activity can go even further and learn the maximum amount of data queried plus the IP addresses all queries were submitted from for each of the unique SQL queries sent to a database. Security software containing this functionality can detect never before observed SQL query activity, SQL queries sent from a never observed IP addresses and SQL queries sending more data to an IP address than the query has ever sent before. This type of important security software architecture/program can in real-time detect hackers, 3rd party cyber risks, SQL injection attacks and rogue insiders attempting to steal confidential database data. Once detected the security team can be immediately notified within a few seconds so that an embarrassing and possibly expensive data breach is prevented. Conclusion. Databreacheswillcontinueuntil organizations protect confidential database data from hackers and rogue insiders from the inside of the security perimeter using Advanced SQL Behavioral Analysis of the real-time database query and SQL activity. This will protect private and public sector confidential data in DB2, Informix, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and Sybase databases.

About the Author

Randy Reiter is the CEO of SQL Power Tools. He the architect of the Database Cyber Security Guard product,  a database data breach detection and prevention product for DB2, Informix, Microsoft SQL Server, Oracle, and Sybase databases. He has worked extensively over the past 25 years with real-time network sniffing and database security.