A recent industry study analyzed 27,000 on-prem databases across the globe, with surprising findings. In far too many cases, on-premises database security is weak. The good news is that you can manage the risk to cut down on the chance of a data breach. 

Nearly half (46%) of internal data assets in the study had at least one unpatched Common Vulnerability and Exposure (CVE). The average database had 26 vulnerabilities. Of those, 56% were ranked as ‘High’ or ‘Critical’, according to the National Institute of Standards and Technology (NIST) guidelines.  

These openings draw cyber criminals like bees to honey. They leave the door wide open to attack and the high cost of a data breach. Now, many chief information security officers are seeking improved IT infrastructure strategies to reduce on-prem risk.

Lessons From the Microsoft Data Breach Response

In March 2021, Microsoft reported it was the victim of a state-sponsored cyberattack from the Chinese group Hafnium. The exploit affected over 30,000 groups across the U.S., including local governments, agencies and businesses. 

In the Microsoft breach, threat actors used zero-day attack techniques. This enabled them to extract data from hundreds of thousands of on-premises servers running Microsoft’s Exchange software. 

Hafnium breached the on-premises servers through a mixture of stolen passwords and previously unknown vulnerabilities. Attackers then planted web shells on the servers, giving them persistent access to exfiltrate email data.

The Hafnium attack exploited unknown vulnerabilities in Microsoft’s software. Since then, Microsoft has released patches to correct these exposures. However, any business or agency remains at risk if it continues to run the unpatched Exchange software.

Database Security Exploits

Threat actors can easily scan for on-prem database vulnerabilities using tools like Exploit Database (ExploitDB) or Shodan. ExploitDB is an archive of exploits that helps keep public databases secure. It helps IT teams understand what weaknesses might be hidden in their databases. But such tools are a double-edged sword. Criminals can use them to locate open doors, too.

Threat actors can search ExploitDB and find the proof of concept code required to launch attacks. From privilege escalation to authentication bypass to remote code execution — intruders can steal data or move throughout a breached network.

Reducing risk goes beyond simply looking up and patching CVEs. It requires a more holistic understanding of your infrastructure and the risks that come with it. A solid refresh plan helps to achieve a more robust, long-term defense. 

Don’t Put it Off — Plan for a Data Breach

Some businesses have left vulnerabilities unresolved for far too long. And they know it. Forrester surveyed 350 global enterprise IT decision-makers in infrastructure, application management or maintenance and software development. 

The survey found that 61% of companies delayed infrastructure refresh a few times or more in the last five years. Why does this happen? In many cases, they kept moving it to the back of the to-do list. If you put a system in place and plan for refreshes, they are more likely to happen. If you wait until your teams get around to it, you might as well never refresh.

What’s the risk? Millions of your customers’ personally identifiable information (PII) data could end up for sale on the darknet. Or, threat actors might demand a hefty ransom to decrypt mission-critical files. Also, regulatory agencies are tightening the rules surrounding vulnerabilities and incident reporting. For example, GDPR ‘Privacy by Design’ means you should build database security in. Any proven on-prem vulnerability, therefore, is not private by design. 

Is the Cloud Safe Enough?

When you try to promote an IT infrastructure security investment, you get a lot of pushback. Today’s business landscape contains a mix of public cloud providers, private cloud and on-premises infrastructure. Some argue the cloud is cheap, easy and secure. But is this true? 

According to the Forrester report, 46% of IT leaders feel the public cloud doesn’t meet their data security needs. Also, 85% of IT leaders agreed to make on-premises infrastructure a critical part of their hybrid cloud strategy. Their reasons probably come from reports like these:

These stats reveal that database risk avoidance is critical for business growth. It’s essential to protect high-value customer data and workloads in the data center and elsewhere. Otherwise, business owners face losing hard-won customer trust and loyalty.

The Business Case for On-Prem

In the Forrester report, the top-ranked reasons for using on-premises resources for select workloads and applications were:

  • Greater assurance of compliance (45%)
  • Mitigation of security vulnerability of data in transit (44%)
  • Improved application/infrastructure performance (43%)
  • Cost reductions (42%).

This debunks any notion that the data center is just another cost center. Instead, modern business success continues to rely on on-prem resources.

To optimize performance and productivity, firms leverage on-premises infrastructure for 48% of both mission-critical and data-intensive workloads. That’s why 75% of IT leaders plan on increasing investment in IT infrastructure outside of the public cloud within two years.

Minimize On-Prem Database Vulnerabilities

For on-prem vulnerabilities, how do you mitigate the risk? A big part of the battle is your mindset. Making infrastructure refresh a top priority is key. It’s important to establish a clear, detailed infrastructure strategy. The plan should commit to on-prem workloads and focus on issues as a primary driver of refresh decisions. 

Another key tactic is to adopt effective defensive methods, such as pervasive encryption and identity and access management (IAM). Pervasive encryption occurs at the database, data set or disk level, so customers don’t need to change or adjust applications. Meanwhile, IAM uses machine learning and AI to analyze parameters (user, device, activity, context and behavior) to determine whether or not to grant access. 

Remember, IT performance is critical since it can directly impact customer experience, brand reputation and overall costs. Organizations that struggle to keep up with refresh plans might choose to leverage subscription-based infrastructure refresh options.

The worst thing you can do is ignore the risk. Instead, develop a solid plan of action to secure your on-prem assets to protect business growth. 
