Vulnerabilities in 46 percent of all databases

An Imperva study shows: Vulnerabilities in 46 percent of all databases

Imperva recently published a study with frightening results on database security: 46 percent of all on-premises databases worldwide are vulnerable to attacks, with an average of 26 vulnerabilities per database. The longitudinal study scanned nearly 27,000 databases over five years for this purpose.

More than half (56 percent) of the vulnerabilities found were rated “high” or “critical” according to National Institute of Standards and Technology (NIST) guidelines. The study results suggest that many organizations are placing a low priority on the security of their data and neglecting routine patching.

The unprecedented number of vulnerabilities in databases provides attackers with a wide range of opportunities. Attackers are developing increasingly sophisticated tactics to bypass traditional perimeter or endpoint solutions, gaining access to sensitive data. The research team found that in recent years, nearly 50 percent of data breaches originated in the web application layer.

Companies therefore need to rethink their security approach and the tools in their tech stack. Protecting the web application layer has been a focus of the security industry for years, and yet attackers continue to find ways in. That’s partly because of an operational problem that needs to be addressed: when application and data security are managed separately, gaps are created that savvy attackers can exploit.

Regardless of the composition and structure of sensitive data, attackers are always motivated to access it. For this reason, organizations must implement security on all data stores, where the focus is on protecting the data itself, not just the applications and networks that surround and interact with it. Whether for proactive, preventative security or post-incident response, or both, it’s important to understand where the data is stored, whether it’s classified, whether the right access controls are in place and whether strong auditing and anomaly detection tools are in place.


Please contact your local Exclusive Networks account manager to learn more about how Imperva solutions can help you protect your data stores and your applications from attack.