A recent industry study analyzed 27,000 on-prem databases across the globe, with surprising findings. In far too many cases, on-premises database security is weak. The good news is that you can manage the risk to cut down on the chance of a data breach. 

Nearly half (46%) of internal data assets in the study had at least one unpatched Common Vulnerabilities and Exposures (CVE) entry. The average database had 26 vulnerabilities. Of those, 56% were ranked as ‘High’ or ‘Critical’ according to the National Institute of Standards and Technology (NIST) severity guidelines.
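To make the study's three numbers concrete for your own estate, here is an added example (not code from the article or the study) that triages a constructed inventory of databases and their unpatched CVEs using the NIST NVD qualitative bands for CVSS v3 base scores (Critical 9.0-10.0, High 7.0-8.9, Medium 4.0-6.9, Low 0.1-3.9). The host names, CVE identifiers and scores are placeholders, not real findings; the `DatabaseAsset`, `summarize` and `patch_order` names are this example's own.

```python
"""Added example: triage a constructed inventory of on-prem databases and
their unpatched CVEs using the NIST NVD CVSS v3 severity bands.
Host names and CVE ids below are placeholders, not real findings."""
from collections import Counter
from dataclasses import dataclass, field

# NIST NVD qualitative severity bands for CVSS v3.x base scores (label, lowest score).
SEVERITY_BANDS = (
    ("Critical", 9.0),
    ("High", 7.0),
    ("Medium", 4.0),
    ("Low", 0.1),
)


def severity(score: float) -> str:
    """Map a CVSS v3 base score to the NVD qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for label, floor in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "None"  # a base score of 0.0


@dataclass
class DatabaseAsset:
    name: str
    # (cve_id, cvss_v3_base_score) pairs still unpatched on this host
    unpatched: list = field(default_factory=list)


def summarize(assets):
    """Return the study-style metrics: share of assets with at least one
    unpatched CVE, mean CVE count per asset, and share rated High/Critical."""
    if not assets:
        raise ValueError("no assets to summarize")
    exposed = sum(1 for a in assets if a.unpatched)
    all_cves = [cve for a in assets for cve in a.unpatched]
    ratings = Counter(severity(score) for _, score in all_cves)
    high_or_critical = ratings["High"] + ratings["Critical"]
    return {
        "assets_with_unpatched_cve_pct": round(100 * exposed / len(assets), 1),
        "avg_cves_per_asset": round(len(all_cves) / len(assets), 2),
        "high_or_critical_pct": (
            round(100 * high_or_critical / len(all_cves), 1) if all_cves else 0.0
        ),
        "by_severity": dict(ratings),
    }


def patch_order(assets):
    """Worklist of (host, cve, score) with the highest-scored findings first."""
    findings = [(a.name, cve, score) for a in assets for cve, score in a.unpatched]
    return sorted(findings, key=lambda f: -f[2])


# Constructed sample inventory (placeholder CVE ids, not real ones).
SAMPLE_ASSETS = [
    DatabaseAsset("db-crm-01", [("CVE-0000-0001", 9.8), ("CVE-0000-0002", 5.3)]),
    DatabaseAsset("db-erp-01", [("CVE-0000-0003", 7.5)]),
    DatabaseAsset("db-hr-01", []),
    DatabaseAsset("db-log-01", [("CVE-0000-0004", 3.1)]),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_ASSETS))
    for host, cve, score in patch_order(SAMPLE_ASSETS):
        print(f"{severity(score):8} {score:4} {cve} on {host}")
```

Feeding the output of a real vulnerability scanner into `SAMPLE_ASSETS` turns this into a standing report: the percentage figures are the ones to track over time, and `patch_order` is the list the refresh plan should work from.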

These openings draw cyber criminals like bees to honey. They leave the door wide open to attack and the high cost of a data breach. Now, many chief information security officers are seeking improved IT infrastructure strategies to reduce on-prem risk.

Lessons From the Microsoft Data Breach Response

In March 2021, Microsoft reported it was the victim of a state-sponsored cyberattack by the Chinese group Hafnium. The attack affected over 30,000 organizations across the U.S., including local governments, agencies and businesses.

In the Microsoft breach, threat actors used zero-day attack techniques. This enabled them to extract data from hundreds of thousands of on-premises servers running Microsoft’s Exchange software.

Hafnium breached the on-premises servers through a mixture of stolen passwords and previously unknown vulnerabilities. The attackers then deployed web shells on the servers, giving them persistent access to exfiltrate email data.

The Hafnium attack exploited previously unknown vulnerabilities in Microsoft’s software. Microsoft has since released patches to correct these exposures. However, any business or agency remains at risk if it continues to run unpatched Exchange software.
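The persistence mechanism described above, a dropped script file that keeps accepting requests, is something a defender can look for in ordinary web server access logs. The following is an added example, not code from the article or from Microsoft: it parses constructed combined-format log lines and flags script files that are not in the deployed application's known set yet successfully answer POST requests. The allowlist, the `/app/...` paths, the addresses and the heuristic itself are all assumptions for illustration.

```python
"""Added example: flag candidate web shells in constructed web server
access logs. The allowlist, paths and log lines are assumptions."""
import re
from collections import defaultdict

# Combined log format: src ident user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Server-side script extensions worth inspecting.
SCRIPT_EXT = (".aspx", ".asp", ".php", ".jsp")

# Constructed allowlist: the script paths the application is known to serve.
# In practice this comes from the deployment manifest or a file baseline.
KNOWN_SCRIPTS = {"/app/login.aspx", "/app/inbox.aspx"}


def parse(line):
    """Return the fields of one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_webshell_candidates(lines, known=KNOWN_SCRIPTS):
    """A script file outside the deployed set that returns 200 to POST
    requests is a strong candidate for an attacker-dropped web shell.
    Returns {path: {"sources": [client addresses], "posts": count}}."""
    hits = defaultdict(lambda: {"sources": set(), "posts": 0})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparseable line: keep going, do not crash the sweep
        path = rec["path"].split("?", 1)[0].lower()
        if not path.endswith(SCRIPT_EXT) or path in known:
            continue
        if rec["method"] == "POST" and rec["status"] == "200":
            hits[path]["posts"] += 1
            hits[path]["sources"].add(rec["src"])
    return {p: {"sources": sorted(v["sources"]), "posts": v["posts"]}
            for p, v in hits.items()}


# Constructed sample log lines (documentation-range addresses, placeholder paths).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2021:10:00:01 +0000] "GET /app/login.aspx HTTP/1.1" 200 1432',
    '10.0.0.5 - - [01/Mar/2021:10:00:05 +0000] "POST /app/login.aspx HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Mar/2021:10:02:11 +0000] "POST /app/help/unknown-page.aspx HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2021:10:02:15 +0000] "POST /app/help/unknown-page.aspx?id=1 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Mar/2021:10:03:00 +0000] "GET /app/help/unknown-page.aspx HTTP/1.1" 200 512',
    '10.0.0.8 - - [01/Mar/2021:10:04:00 +0000] "GET /static/logo.png HTTP/1.1" 200 9000',
    'this line is corrupt and will be skipped',
]

if __name__ == "__main__":
    for path, info in find_webshell_candidates(SAMPLE_LOG).items():
        print(f"{path}: {info['posts']} POSTs from {', '.join(info['sources'])}")
```

The heuristic is deliberately narrow (unknown script, successful POST) so that it produces few hits; a real deployment would pair it with file-integrity monitoring of the web root, since a web shell is first and foremost a file that should not exist.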

Database Security Exploits

Threat actors can easily scan for on-prem database vulnerabilities using tools like Exploit Database (Exploit-DB) or Shodan. Exploit-DB is a public archive of exploit code that helps keep databases secure by showing IT teams what weaknesses might be hidden in their systems. But such tools are a double-edged sword: criminals can use them to locate open doors, too.

Threat actors can search Exploit-DB and find the proof-of-concept code required to launch attacks. From privilege escalation to authentication bypass to remote code execution, intruders can steal data or move throughout a breached network.

Reducing risk goes beyond simply looking up and patching CVEs. It requires a more holistic understanding of your infrastructure and the risks that come with it. A solid refresh plan helps to achieve a more robust, long-term defense. 

Don’t Put it Off — Plan for a Data Breach

Some businesses have left vulnerabilities unresolved for far too long. And they know it. Forrester surveyed 350 global enterprise IT decision-makers in infrastructure, application management or maintenance and software development. 

The survey found that 61% of companies delayed infrastructure refresh a few times or more in the last five years. Why does this happen? In many cases, they kept moving it to the back of the to-do list. If you put a system in place and plan for refreshes, they are more likely to happen. If you wait until your teams get around to it, you might as well never refresh.

What’s the risk? Millions of your customers’ personally identifiable information (PII) records could end up for sale on the darknet. Or, threat actors might demand a hefty ransom to decrypt mission-critical files. Also, regulatory agencies are tightening the rules surrounding vulnerabilities and incident reporting. For example, GDPR ‘Privacy by Design’ means you should build database security in. Any proven on-prem vulnerability, therefore, is not private by design.

Is the Cloud Safe Enough?

When you try to promote an IT infrastructure security investment, you get a lot of pushback. Today’s business landscape contains a mix of public cloud providers, private cloud and on-premises infrastructure. Some argue the cloud is cheap, easy and secure. But is this true? 

According to the Forrester report, 46% of IT leaders feel the public cloud doesn’t meet their data security needs. Also, 85% of IT leaders agreed to make on-premises infrastructure a critical part of their hybrid cloud strategy. Their reasons probably come from reports like these:

These stats reveal that database risk avoidance is critical for business growth. It’s essential to protect high-value customer data and workloads in the data center and elsewhere. Otherwise, business owners face losing hard-won customer trust and loyalty.

The Business Case for On-Prem

In the Forrester report, the top-ranked reasons for using on-premises resources for select workloads and applications were:

  • Greater assurance of compliance (45%)
  • Mitigation of security vulnerability of data in transit (44%)
  • Improved application/infrastructure performance (43%)
  • Cost reductions (42%).

This debunks any notion that the data center is just another cost center. Instead, modern business success continues to rely on on-prem resources.

To optimize performance and productivity, firms leverage on-premises infrastructure for 48% of both mission-critical and data-intensive workloads. That’s why 75% of IT leaders plan on increasing investment in IT infrastructure outside of the public cloud within two years.

Minimize On-Prem Database Vulnerabilities

For on-prem vulnerabilities, how do you mitigate the risk? A big part of the battle is your mindset. Making infrastructure refresh a top priority is key. It’s important to establish a clear, detailed infrastructure strategy. The plan should commit to on-prem workloads and treat security issues as a primary driver of refresh decisions.

Another key tactic is to adopt effective defensive methods, such as pervasive encryption and identity and access management (IAM). Pervasive encryption is applied at the database, data set or disk level, so customers don’t need to change or adjust applications. Meanwhile, IAM systems use machine learning and AI to analyze parameters (user, device, activity, context and behavior) to determine whether or not to grant access.
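To show what a context-aware access decision looks like in practice, here is an added example that is not from the article or any IAM product: a small rule-based stand-in that scores the five parameters the paragraph names (user baseline, device, activity, context such as location and time, and behavior) and returns allow, step-up or deny. Real IAM products replace the hand-written weights with learned baselines; the signals, weights, thresholds and the `alice` baseline below are constructed assumptions.

```python
"""Added example: a rule-based stand-in for context-aware IAM decisions.
Signals, weights, thresholds and the sample baseline are assumptions."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    action: str        # e.g. "read", "write", "export"
    src_country: str   # context: where the request comes from
    when: datetime     # context: when it is made (local time)


@dataclass
class UserBaseline:
    known_devices: set
    usual_countries: set
    work_hours: tuple  # (start_hour, end_hour), half-open
    typical_actions: set


# Constructed weights: how much each risk signal contributes to the score.
WEIGHTS = {
    "unknown_device": 3,
    "unusual_country": 3,
    "off_hours": 1,
    "unusual_action": 2,
    "sensitive_action": 2,
}
# Actions that touch data in bulk or change privileges (assumed list).
SENSITIVE_ACTIONS = {"export", "drop", "grant"}


def risk_signals(req: AccessRequest, base: UserBaseline):
    """Compare the request with the user's baseline and list the deviations."""
    signals = []
    if req.device_id not in base.known_devices:
        signals.append("unknown_device")
    if req.src_country not in base.usual_countries:
        signals.append("unusual_country")
    start, end = base.work_hours
    if not start <= req.when.hour < end:
        signals.append("off_hours")
    if req.action not in base.typical_actions:
        signals.append("unusual_action")
    if req.action in SENSITIVE_ACTIONS:
        signals.append("sensitive_action")
    return signals


def decide(req: AccessRequest, base: UserBaseline, step_up_at=3, deny_at=6):
    """Return (verdict, score, signals). 'step_up' means require a fresh
    strong authentication before granting; 'deny' means refuse and alert."""
    signals = risk_signals(req, base)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= deny_at:
        verdict = "deny"
    elif score >= step_up_at:
        verdict = "step_up"
    else:
        verdict = "allow"
    return verdict, score, signals


# Constructed baseline for one user.
ALICE = UserBaseline(
    known_devices={"laptop-a1"},
    usual_countries={"US"},
    work_hours=(8, 18),
    typical_actions={"read", "write"},
)

# Constructed requests: routine, unusual-but-plausible, and clearly anomalous.
ROUTINE = AccessRequest("alice", "laptop-a1", "read", "US", datetime(2021, 3, 1, 10, 0))
BULK_EXPORT = AccessRequest("alice", "laptop-a1", "export", "US", datetime(2021, 3, 1, 10, 0))
ANOMALOUS = AccessRequest("alice", "unknown-dev", "export", "XX", datetime(2021, 3, 1, 3, 0))

if __name__ == "__main__":
    for req in (ROUTINE, BULK_EXPORT, ANOMALOUS):
        verdict, score, signals = decide(req, ALICE)
        print(f"{req.action:7} from {req.device_id:12} -> {verdict:8} (score {score}: {signals})")
```

The point of the middle case is that a known user on a known device is still challenged when the activity itself (a bulk export) is outside their normal pattern; that is the behavioral dimension the paragraph refers to, and it is what a pure password check cannot provide.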

Remember, IT performance is critical since it can directly impact customer experience, brand reputation and overall costs. Organizations that struggle to keep up refresh plans might choose to leverage subscription-based infrastructure refresh options.

The worst thing you can do is ignore the risk. Instead, develop a solid plan of action to secure your on-prem assets to protect business growth. 
