As employees transition to work from home, organizations have to engage in a careful balancing act between accessibility and security. Here is how to strengthen your database in the distributed environment of the post-Covid world.
Cyberattacks are here to stay
2020 was the year of rapid digital transformation. It also has been a record-breaking year for breaches, leaks, and cybersecurity incidents.
The prognosis for the future is dim, as many experts predict that things are likely to get worse. It is expected that in 2021, we will see a cyberattack incident every 11 seconds, nearly double the rate of 2019 (once every 19 seconds), and four times the rate of five years ago (once every 40 seconds in 2016).
Cybercrime will cost the global economy $6.1 trillion annually. To put these numbers in perspective, the scale of cybercrime is on track to eclipse most world economies, becoming the world’s third-largest economy, right behind the US and China.
Databases are increasingly targeted by threat actors
The database is the crown jewel that must be protected at all costs. But databases are also the treasure trove of valuable data, which increasingly comes under attack.
This week, security researchers discovered a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner. The botnet operates by performing brute-force attacks against internet-accessible PostgreSQL databases.
It has been reported that over 85,000 MySQL databases are on sale on a dark web portal at a price of only $550/database.
Data is valuable, and workers are increasingly targeted with a significant volume of cyberattacks. Threat actors are taking advantage of the coronavirus crisis and are increasingly targeting remote workers with a host of COVID-19 fraud schemes, phishing attacks, ransomware attacks, and related cyber threats.
Humans are the weakest link in your cybersecurity defences
Malware, ransomware, phishing, or some other method – hackers are working hard to get their hands on valuable data.
And although nation-state actors and ultra-complicated schemes are receiving much attention in the media, most of the cyberattacks rely on tried and true attack methods: schemes aimed at taking advantage of human nature.
There are two main culprits behind the majority of the breaches in 2020: phishing emails that are used to smuggle malware – such as AveMaria and NetWiredRC – onto the target machines, followed by brute-force attacks taking advantage of widespread password reuse. Both attack vectors focus on the weakest link of any cybersecurity program – the humans.
WFH security depends on policy enforcement and automation
Despite increased awareness of cybersecurity issues, working from home leads to major cybersecurity incidents. Since the shift to remote working brought in by COVID-19 related lockdown measures, organizations have been exposed to a greater risk of compromise and have suffered significantly more data breaches as a result.
According to a new report from Malwarebytes, since lockdowns were introduced, a staggering 20% of organizations have been compromised as a result of actions by a remote worker.
The report argues that the use of personal devices for work is a contributing factor, with nearly 61% of businesses not enforcing antivirus use on personal devices used for work.
Some worrying statistics and takeaways from the report include:
- 18 percent of respondents admitted that, for their employees, cybersecurity was not a priority, with 5 percent claiming that employees were oblivious to security best practices and presented a security risk
- At the same time, cybersecurity training is lacking, with 44 percent of respondents not providing any cybersecurity training that focused on potential threats of working from home
- 65 percent of organizations do not deploy antivirus (AV) solutions on work-issued devices.
How to protect your database in the work from home era
It seems that everybody knows how to improve cybersecurity posture for a remote workforce. Policies such as ensuring home networks are protected with strong passwords, making sure employees are not leaving company devices within reach of non-authorized users, and fighting password reuse are introduced left and right.
However, enforcing those “common sense” policies has proven to be a significant challenge across the board. Even with strict policies on paper, enforcing them for a remote workforce without compromising workability is extremely difficult in practice.
So how can we make the humans comply with the policies of an organization without compromising employee experience?
Database automation to the rescue
Automating database release and deployment is key in stopping the threat actors in their tracks while empowering worker productivity at the same time.
Database delivery automation can help you streamline daily operations as well as integrate security into processes, applications, and infrastructure from the very beginning. Fully deploying database automation can ensure that proper procedures are followed without exception at every release.
Roles and responsibilities
Organizations must control who has access to the organization’s sources at any point in time. Access control is an integral component of IT and data security for businesses, and the database is no exception.
In addition to giving greater control over who can access the database, access controls for the database also help organizations stay compliant with industry standards and regulations.
When it comes to the database, it is of paramount importance that only verified individuals can physically or virtually touch the parts of the database that they have permission to access.
This process involves restricting access or granting permissions so that only relevant employees can make changes to the database. The principle of least privilege applies here, restricting access permissions to a very limited subset of users to do any of the following within the database:
- Access,
- Read,
- Modify,
- Communicate,
- Delete or otherwise destroy.
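The access, read, modify and delete tiers above can be expressed directly as database roles. The following is an added example, not code from the original article: it assumes PostgreSQL and a superuser session, and every schema, table and role name in it is constructed for illustration.

```sql
-- Added example: every schema, table and role name here is constructed.
-- Assumes PostgreSQL and a superuser session.
BEGIN;

-- Group roles hold the privileges; they cannot log in themselves.
CREATE ROLE sales_read   NOLOGIN;
CREATE ROLE sales_write  NOLOGIN;
CREATE ROLE sales_deploy NOLOGIN;

CREATE SCHEMA sales AUTHORIZATION sales_deploy;
CREATE TABLE sales.orders (
    id         bigserial     PRIMARY KEY,
    customer   text          NOT NULL,
    total      numeric(12,2) NOT NULL,
    created_at timestamptz   NOT NULL DEFAULT now()
);
ALTER TABLE sales.orders OWNER TO sales_deploy;

-- Access: reaching the schema is a privilege of its own.
GRANT USAGE ON SCHEMA sales TO sales_read;

-- Read: SELECT only.
GRANT SELECT ON sales.orders TO sales_read;

-- Modify: writers inherit read access and may add or change rows,
-- but get no DELETE or TRUNCATE.
GRANT sales_read TO sales_write;
GRANT INSERT, UPDATE ON sales.orders TO sales_write;
GRANT USAGE ON SEQUENCE sales.orders_id_seq TO sales_write;

-- Delete or destroy, and any schema change: only sales_deploy, which owns
-- the objects, so DROP/ALTER/TRUNCATE/DELETE stay with the release process.

-- Login roles (people and services) get exactly one group each.
CREATE ROLE analyst_alice    LOGIN IN ROLE sales_read;
CREATE ROLE orders_service   LOGIN IN ROLE sales_write;
CREATE ROLE release_pipeline LOGIN IN ROLE sales_deploy;

COMMIT;

-- Review what was actually granted, per role and privilege.
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_schema = 'sales' AND table_name = 'orders'
ORDER BY grantee, privilege_type;
```

Rerunning the final query on a schedule and comparing it with the intended grants shows when a role has picked up privileges it was never meant to have.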
Reduce high-privilege passwords with automation
Passwords are fundamentally unsafe. According to the Verizon Data Breach Investigations Report, compromised passwords are responsible for 81% of hacking-related breaches.
It is clear that despite the focus on cybersecurity, both organizations and users fail to step up their password hygiene. One of the biggest issues is rampant password reuse.
Here are some staggering statistics that truly drive the magnitude of the password reuse problem home:
- The average person reuses each password as many as 14 times.
- 65% of people reuse passwords across multiple sites
- 91% of respondents claim to understand the risks of reusing passwords across multiple accounts. 59% admit to doing it anyway.
- 73% of users duplicate their passwords in both their personal and work accounts.
- Nearly half (49%) of employees simply change or add a digit or character to their password when updating their company password every 90 days. Therefore forced resets are a very ineffective tactic.
It stands to reason that reducing the reliance on passwords by introducing automation flows that take the user out of the equation can significantly improve the database’s security. Ensuring that users are not involved in repetitive, manual actions that require them to repeatedly log into the system reduces the risks associated with passwords.
Automated audit and real-time alerts
You can’t protect what you cannot see. One of the pains around protecting the database is the difficulty of tracing who made what change, when, and where.
With most databases, monitoring and auditing are difficult tasks. Database automation makes it easy to pull up reports so you can quickly see where changes originate and spot and flag any suspicious activity.
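One way to capture who changed what, when and from where, and then report on changes that did not come through the release automation, is a DDL audit trail. This is an added example, not code from the original article or any product it describes: it assumes PostgreSQL 11 or later and a superuser session, and the `audit` schema, the `release_pipeline` role and the `10.20.0.0/24` network are constructed placeholders.

```sql
-- Added example; schema, table, role and network values are constructed.
CREATE SCHEMA audit;
CREATE TABLE audit.ddl_log (
    id           bigserial   PRIMARY KEY,
    changed_at   timestamptz NOT NULL DEFAULT clock_timestamp(),  -- when
    db_user      text        NOT NULL,                            -- who
    client_addr  inet,                  -- where from (NULL = local socket)
    app_name     text,
    command_tag  text        NOT NULL,  -- what kind of change
    object_ident text                   -- which object
);

-- SECURITY DEFINER lets any session write the log without holding INSERT
-- on it; session_user still reports the role that actually logged in.
CREATE FUNCTION audit.log_ddl() RETURNS event_trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog AS $$
DECLARE
    obj record;
BEGIN
    IF TG_EVENT = 'sql_drop' THEN
        FOR obj IN SELECT object_identity
                   FROM pg_event_trigger_dropped_objects() WHERE original LOOP
            INSERT INTO audit.ddl_log (db_user, client_addr, app_name, command_tag, object_ident)
            VALUES (session_user, inet_client_addr(),
                    current_setting('application_name', true), TG_TAG, obj.object_identity);
        END LOOP;
    ELSE
        FOR obj IN SELECT object_identity FROM pg_event_trigger_ddl_commands() LOOP
            INSERT INTO audit.ddl_log (db_user, client_addr, app_name, command_tag, object_ident)
            VALUES (session_user, inet_client_addr(),
                    current_setting('application_name', true), TG_TAG, obj.object_identity);
        END LOOP;
    END IF;
END $$;

CREATE EVENT TRIGGER audit_ddl_end  ON ddl_command_end EXECUTE FUNCTION audit.log_ddl();
CREATE EVENT TRIGGER audit_ddl_drop ON sql_drop        EXECUTE FUNCTION audit.log_ddl();

-- Report: schema changes in the last 24 hours that did not come from the
-- release automation account on its expected network.
SELECT changed_at, db_user, client_addr, app_name, command_tag, object_ident
FROM audit.ddl_log
WHERE changed_at > now() - interval '24 hours'
  AND (db_user <> 'release_pipeline'
       OR client_addr IS NULL
       OR NOT client_addr <<= inet '10.20.0.0/24')
ORDER BY changed_at;
```

Feeding the report query into an alerting job turns the log into the real-time signal described above: once releases are automated, any row it returns is a change made outside the pipeline.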
Database delivery automation drives database security
Database delivery automation is a crucial element of a working database security protocol. By reducing reliance on manual, ad-hoc methods and introducing automated, repeatable protocols and procedures, organizations can improve their security posture and protect the database.