Poorly secured databases are emerging as one of the biggest contributors to major data breaches. Culprits-in-chief are open-source NoSQL databases – you may recall several breaches involving MongoDB databases in the past year. NoSQL non-relational databases are quick, flexible and easy to use, but therein lies part of the problem, as this open-source approach makes controlling user security settings nearly impossible. When news broke of the breaches, MongoDB was quick to blame the lax security on users who failed to apply the security controls that come with the database as standard issue.
Millions of users of MacKeeper and the Beautiful People dating site, not to mention the entire Mexican electorate, have been victims of database breaches in recent years. Security researchers attribute this to complacency, plus a lack of cooperation and communication between suppliers and their users.
An exposed database is more than an embarrassment – it could result in an organisation losing vital information on which its ability to do business depends. In addition, new regulation will increase the fines imposed on companies found not to take proper precautions in securing the personal data they hold. So when we talk about organisations needing to take urgent steps to strengthen their data defences, it’s not just anti-virus programmes and phishing spam filters – it starts with basic database security.