A five-year longitudinal study found that nearly one out of every two on-premises databases globally – 46 percent – is vulnerable to attack, given that it has at least one unpatched vulnerability. The study, which involved 27,000 scanned databases globally, discovered that more than half – 56 percent – of those CVEs are rated “high” or “critical” in severity, indicating that routine patching is being shrugged off by many organizations.

Conducted by Imperva Research Labs and published on Tuesday, the study – carried out with the company’s database-scanning service – also found that the average database contains 26 unpatched CVEs. Some of those vulnerabilities have left databases open to attack for three or more years – a scandalous length of time, given the sensitivity and value of data.

Something just ain’t right with this picture, said Elad Erez, Imperva’s chief innovation officer and research lead. “This research proves that the way data is being secured today simply isn’t working,” Erez wrote in a Tuesday blog about the study.

“For years, organizations have prioritized and invested in perimeter and endpoint-security tools, assuming the protection of the systems or network around the data would be enough,” he said. “However, that approach is not working, as this is an expansive and global problem. Organizations need to rethink the way they secure data in a way that genuinely protects the data itself.”

Erez popped into the Threatpost podcast to discuss the results of the…
