Database attacks to increase in 2007
By Rene Millman
IT managers should focus on securing databases from internal and external threats as spam and phishing are no longer major concerns, according to a database security expert.
Paul Davie, chief executive of data security company Secerno, said that the security sector has now come to terms with the fact that they are dealing with highly financially motivated, technologically advanced and professional database infiltrators.
"The years of spam and simple phishing scams targeted at the naïve PC user are no longer our major concern. Any company that stores data needs to shift its focus inwards," he said.
He said that this year saw many attacks on confidential financial data.
"Emails lured online bankers to provide their logins, passwords and account details, only to become victims of fraudulent activity or a complete loss of funds. Employees were blackmailed or bribed to download data for criminal gangs," said Davie. "Banks' websites were duplicated to provide a false sense of security and even NHS data was delved into, as Tony Blair's medical records hit the headlines."
He said that next year the increased popularity of online banking will continue to attract the criminal fraternity.
"Thankfully, a combination of recent high profile breaches and forthcoming legislative requirements, such as the PCI framework, is driving attention to the implementation of effective data security," he said.
Davie warned that the UK's new Integrated Children's System, a data system containing details of all of the nation's vulnerable children, would be a prime target for paedophile hackers once it goes live.
"Two questions spring to mind: will the first big story be of an external hack into the system or an authorised user abusing their access rights to find their targets? And, who will be hung out to dry: the poor soul responsible for specifying the system's security, or the politician who thought this was a good idea in the first place?"
He also said that SQL injection attacks, in which user input is not checked to see if it is valid, would sharply increase. "SQL injection attacks have been increasing at a rate of more than 250% per year for the last few years. In 2007, SQL injection will be recognized as the number one attack vector on internet-facing systems," said Davie.
But he warned that companies have to be on guard against internal threats. Recent statistics from the Secret Service and CERT show that 86 per cent of computer sabotage is done by knowledgeable IT staff within the organisation.
"Enhanced internal attacks will continue to thrive as organised criminal gangs plant employees inside businesses," he said. "Expert penetration testers see success rates of targeted attacks on databases approach 100 per cent, when initiated from inside the organisation."