About Us | Contact Us
View Cart

Organizations Struggle to Recover Months After SQL Injection Attacks

By Vigilize | Wednesday, April 23, 2014 - Leave a Comment

Organizations are becoming more aware of SQL injection threats and the long process of detection and recovery.

Even if you outsource the “high risk assets” related to your web presence (such as on-line banking), you shouldn’t overlook this attack vector. If you have interactive forms on your website, you may be vulnerable to a SQL injection attack. A report published last week by the Ponemon Institute reveals some interesting statistics on the prevalence of SQL injection attacks and the amount of time required to detect and recover from them.

Of the organizations surveyed, 65% of them had suffered from a known SQL injection attack in the last 12 months. On average, it took these organizations about 140 days to discover the attack and 68 days to recover from it. It was found that 40% say that it takes even longer to detect them; around six months.

On top of that, over half of the organizations surveyed had no testing or third-party validation software in place to detect SQL injection vulnerabilities. A majority are siting the emergence of mobile devices in the office as a deterrent to pinpointing the source of the injection.

The good news is more than half say they will be integrating behavioral analysis-based tools over the next 2 years in order to track activity in their databases. It appears the more and more organizations are becoming aware of the threats SQL injection attacks present and taking precautions to prevent substantial damage.


Original article by Kelly Jackson Higgins.
Read the full story here.

Latest News
    Why It Rhymes With SEEM (And its Not the I Before E Rule) Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . It’s the Gestalt. The idea that the whole is greater than the sum of it’s parts. That’s not something that is often brought […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
    Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks.  We […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
    Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of  IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Many organizations still fail to consider the unique risks posed by cloud computing… An article review. Last month thousands of Western Digital MyCloud device owners learned about the risks of cloud-based solutions the hard way: their data had been wiped remotely due to a flaw in the internet-facing component of their external hard drives. While […]
    infotex does not use Kaseya… We are protecting our Clients! Another blog post meant to inspire thought about IT Governance . . . . To all infotex managed security service Clients: As you may be aware there was a large ransomware attack recently that leveraged a remote management tool called Kaseya that is used by many […]