Yesterday the IOUG announced the results of the survey conducted in August. The report is entitled "Enterprise Data Insecurity: Are Organizations Prepared for the Threat From Within?" and you can download it here. The key findings were pretty troubling:
One out of five respondents expects a data breach or incident over the coming year. Only one out of four said all databases are locked down against attacks.
Organizations see the greatest risks from internal access, either by unauthorized users, or by "super users" such as administrators with access privileges.
Most organizations do not have mechanisms in place to prevent database administrators and other privileged database users from reading or tampering with sensitive information in financial, HR, or other business applications. Most are unable to even detect such breaches or incidents.
Sending out data to outside parties is now a common practice.
One out of four sites covered in this survey do not encrypt data within their databases, and close to one out of five are not even sure whether this encryption takes place.
Two out of five organizations employ actual production data within non-production environments, thereby exposing this information in unsecured settings.
There is growing awareness of potential risks. Most organizations monitor their databases for changes that may be indicators of malicious activity.
I won't say more for now and let everyone take a look at the report and digest it. I will be blogging more on various aspects of the report over the next few weeks. And if you haven't already tried our enterprise data security self-assessment tool, give it a try. We don't track any of the results, so it's really just a way to learn more about what you can be doing to protect your databases and comply with regulatory requirements.