Organizations across the globe uncover new and better ways to leverage their customer data every day. But as these digital assets become more valuable to their corporate owners, they also become more appealing to cybercriminals.

Cybercrime, and particularly data theft, has evolved into an exceptionally lucrative offense in recent years. As a result, it’s attracting a broader variety of perpetrators.

Today, your organization’s database is more likely to be breached by someone you know — an employee, third-party contractor or partner — than a faceless fraudster from overseas. In fact, 60 percent of attacks are caused by insider threats, according to the “IBM 2016 Cyber Security Intelligence Index,” and the number of internal records leaked across the world has reached approximately 1 billion.

The stakes are high, and there’s more on the table than just bottom-line losses from financial crime. When critical information goes missing, organizations face increased scrutiny of their compliance activities, the possibility of regulatory penalties and, in this age of viral news, fast-spreading reputational and brand damage.

Furthermore, it takes security teams an average of 201 days to identify a data breach, suggesting that extensive damage can be done before responsive steps can even begin.

The Nature of the Beast

Why is this happening? Consider the complexity of the information environment as a whole: Given the accelerating growth of data within today’s organizational environments, the complexity of regulations and compliance requirements, and the ever-present threat of internal and external attacks, organizations face an enormous challenge before they ever purchase a server or install a system.

Even once you’ve installed information and security systems, there’s still often a problem embedded in your infrastructure. In this case, the beast whose very nature may be compromising your data is the database itself.

Database servers contain your most valuable information, such as financial, credit card, patient and other records. Not only do they contain large amounts of critical data, but they are also intentionally constructed to be easily searched and queried in multiple ways. Individuals within your company have numerous entry points to information and many ways to bypass traditional safeguards, including simply extracting it from servers that have been stolen or are no longer in use.

Intentional and Unintentional Threats

The nature of the database enables two key internal threat types: intentional threats, which are created by individuals with specific criminal or otherwise malicious intent; and unintentional threats, which are typically the result of human error. It’s kind of like someone stealing your chained-up bike versus you forgetting to lock it.

Intentional threats generally refer to employees with direct data access or specific privileges, such as the database administrator, system administrator or application administrator, downloading or tampering with data. These tend to be particularly insidious because they are so hard to defend against. Although red flags do exist — such as employees in financial trouble, those who are disgruntled or even those who work in environments with low morale — most organizations lack formal processes for identifying these markers in advance.

Unintentional threats occur when no one is necessarily actively trying to steal data, but the information is left unprotected without anyone knowing it. This can result from database misconfiguration, unauthorized user ID sharing, data exposure during testing and disposing of storage devices without properly cleaning them.

The Full Data Picture

Security teams are further challenged by a general lack of visibility into the full data picture and a poor corporate understanding as to what data is actually at risk. Organizations often lack the ability to identify critical data embedded at various points within their systems and servers.

On top of that, organizations may not know where to look in the first place, how to determine which systems and servers are actually at risk, or how to prioritize them. If you don’t know where critical data lies, how can you protect it?

Defending Your Database

Today’s organizations must have data protection solutions capable of keeping critical data safe from internal threats. These solutions must stop criminals from actively stealing information and also prevent accidental leaks caused by unintended weaknesses in database structure, management or controls.

More from Data Protection

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read

Understanding the Backdoor Debate in Cybersecurity

3 min read - The debate over whether backdoor encryption should be implemented to aid law enforcement has been contentious for years. On one side of the fence, the proponents of backdoors argue that they could provide valuable intelligence and help law enforcement investigate criminals or prevent terrorist attacks. On the other side, opponents contend they would weaken overall security and create opportunities for malicious actors to exploit. So which side of the argument is correct? As with most debates, the answer isn't so…

3 min read