Data is increasingly appreciated by companies as their most valuable asset. But the problem is that this view is not just held by organizations themselves, there are others - including hackers and - who see it that way as well.
It is not just a matter of organizations committing themselves to doing the right thing. Data management mandates and regulations including the Sarbanes-Oxley Act, local and state regulations, and HIPAA HITECH must be adhered to by many companies. And, the cost of data security breaches just keeps going up, There are numerous costs associated with a data security breach – including direct, indirect and opportunity costs such as lost business, customer churn, customer acquisition activities, and tarnished brand reputation.
According to a recent study, the average cost of a data breach for companies has gone up to $4 million, representing a 29% increase since 2013. According to the 2016 study, sponsored by IBM, cybersecurity incidents continue to grow in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014. The study found that companies lose $158 per compromised record.
Breaches in highly regulated industries were even more expensive - with healthcare reaching $355 per record, $100 more than in 2013. The study found that companies that had predefined business continuity management processes in place found and contained breaches more quickly, discovering breaches 52 days earlier and containing them 36 days faster than companies without such processes.
To protect their crown jewels from outside hackers and intentional misuse by insiders or contractors, organizations are embracing a range of methods in the cloud and on premises from across the data lifecycle, including encryption, masking, monitoring.
While there is great concern about the risk posed by outside hackers, insider threats – intended and accidental - remain the most foremost problem, according to a recent IOUG-Unisphere Research report sponsored by Oracle. The Target data breach of 2013, for example the report notes, occurred because of an outside hacking, but it was a trusted contractor that unintentionally opened up the gates.
The report makes the point that even those threats coming from outside can be the result of carelessness, unclear or non-existent policies, or inside vulnerabilities, either in data centers or among third-party partners. When it comes to the parts of their systems most vulnerable to security issues, respondents in the IOUG-Unisphere survey point to their databases, with 58% agreeing that this is where the greatest precautions need to take place, followed by the network as the next most-cited area of potential damage, and then, the server and storage infrastructure.
IT and data managers can play a pivotal role in enterprise security because they are the insiders with trusted status and they are aware of where the data is stored and how best to reduce or eliminate threats. The report advises that DBAs must take a proactive stance, and educate the business about the risks, and how to address those risks. A range of approaches including data encryption and redaction, and more preventative measures such as auditing and monitoring need to take place, so it is not possible for malicious acts do not continue unchecked. The survey points out that new technology can relieve many of the manual burdens associated with database monitoring.
HERE ARE THE WINNERS OF THE 2016 DBTA READERS' CHOICE AWARDS FOR BEST DATABASE SECURITY SOLUTION:
Oracle Audit Vault and Database Firewall www.oracle.com
SolarWinds Log and Event Manager
McAfee Database Activity Monitoring