Database Security Still Not Getting Enough Respect

The 16th annual Black Hat USA 2013 cybersecurity conference comes to a close today, but there are no weekends off for security professionals. According to another security report – I tend to get at least one or two a week – $10 million is the average amount respondents to the Ponemon Institute Live Threat Intelligence Impact Report 2013 spent in the past 12 months to resolve the impact of exploits.

That’s expensive, but some of the other findings were even more troubling. Only 10% know with absolute certainty that a material exploit or breach to networks or enterprise systems occurred. Almost a quarter, 23%, said it can take as long as a day to identify a compromise, while almost half, 49%, said it can take within a week to more than a month to identify a compromise. The Verizon Data Breach Report released a couple of months ago was even more dire: the average period that breaches remain undiscovered is four months. Adding insult to injury, 69% of the breaches were not detected by the company, but by outsiders.

While 49% of organizations plan to increase their information security this year, according to a survey by Enterprise Strategy Group, database security is being largely ignored, said David Maman, Founder and CTO of GreenSQL, a database security company, in a recent interview with IT Trends & Analysis.

“The final frontier for the entity you call your business is information, the new currency. For the cybercriminal, his entire goal of threat is to get to your database, and it doesn’t matter how big your organization is. But for some reason database is being completely taken out of the picture, even though it’s increasing 60-70% [in size] a year.”

DBAs (database administrators) don’t have time for security; they spend less than 5% of their time on it, according to Forrester Research. An Oracle survey found that while 52% of IT security decision-makers believe a breach of their databases would represent the most severe damage to their organization, they spend less than a quarter (15%) of their resources on database security, compared to the 67% spent on network resources, even though only 34% cited damage to network resources as the most severe risk.

IDC predicts that spending on risk management software, hardware, and services will see a compound annual growth rate (CAGR) of 5.45% for 2013–2017, exceeding $80 billion by 2017. It said risk spending is still outpacing growth in overall IT spending, representing between 15% and 17% of overall IT spending on average.

In May, the Israel-based GreenSQL was named a “Cool Vendor” in the Infrastructure Protection Category for 2013 by Gartner. The company claims to be the world’s number one installed database security solution, supporting Windows Azure, SQL Server, MySQL, Amazon RDS, MariaDB and PostgreSQL database applications.

Author: Steve Wexler
