The Top Four Reasons for Database Data Loss and what to do about it

IT security practitioners are well aware of the importance of data loss prevention (DLP). The risk of data loss does not go away as organizations adopt cloud-based managed database services such as Amazon RDS and Amazon Redshift; in many ways it becomes more serious. While AWS takes the security of its infrastructure extremely seriously, individual customers are responsible for securing their own data and controlling access to it.

Typically, the term DLP refers to safeguarding files that contain confidential or proprietary information, such as contracts, product designs, and internal financial analyses. Keeping this unstructured data in file systems secure and compliant is a critical security and compliance objective. However, a comprehensive DLP strategy must also protect the sensitive structured data stored in databases, such as personally identifiable information (PII), credit card information, customer data, and medical records. Because databases concentrate so much critical information in a single repository, they are arguably the most valuable targets for an attacker.

Data loss incidents are frequently traced to external attacks, most often when criminals obtain legitimate users' login credentials via phishing. These can wreak havoc, as the recent Colonial Pipeline attack demonstrated. Internal data loss caused by current or former employees, contractors, or business partners is less dramatic but no less devastating; just ask Facebook, Marriott, Coca-Cola, Tesla, or Microsoft.

The following are four of the most common danger areas for database data loss (excluding well-understood IT fundamentals such as ongoing maintenance and upgrading/patching the infrastructure and databases themselves).
1. Misconfiguration of the database

Databases with a poor security posture are shockingly common, provide a goldmine for attackers, and pose enormous risks to organizations.

What should you do?

  • Ensure that your databases are reachable only by users who hold the necessary credentials, and only from the network locations you expect.
  • Modify the default login credentials.
  • Protect the data by encrypting it.
  • Ensure that you have a solid backup plan in place (including protection of backups).
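One way to turn this checklist into an automated posture check, as an added example that is not part of the original article: the function below evaluates instance descriptions in the shape of the boto3 `rds.describe_db_instances()` response. The sample records are constructed, and the set of "default" master usernames and the 7-day backup minimum are assumptions to adjust to your own policy.

```python
from typing import Dict, List

# Assumed: master usernames treated as "defaults" that should have been changed.
DEFAULT_MASTER_USERNAMES = {"admin", "postgres", "mysql", "root", "sa"}
MIN_BACKUP_RETENTION_DAYS = 7  # assumed organisational minimum


def audit_rds_instance(instance: Dict, open_security_groups) -> List[str]:
    """Findings for one item of the DBInstances[] list returned by
    rds.describe_db_instances(); open_security_groups holds the IDs of
    security groups already known to allow 0.0.0.0/0 on the DB port."""
    findings = []
    # Reachable only from expected locations: no public endpoint, no open SG.
    if instance.get("PubliclyAccessible"):
        findings.append("publicly accessible endpoint")
    for sg in instance.get("VpcSecurityGroups", []):
        if sg.get("VpcSecurityGroupId") in open_security_groups:
            findings.append(f"security group {sg['VpcSecurityGroupId']} open to the internet")
    # Default login credentials still in place.
    if instance.get("MasterUsername", "").lower() in DEFAULT_MASTER_USERNAMES:
        findings.append("master username is a common default")
    # Data protected by encryption at rest.
    if not instance.get("StorageEncrypted", False):
        findings.append("storage not encrypted")
    # Backup plan: automated backups retained and the instance guarded from deletion.
    if instance.get("BackupRetentionPeriod", 0) < MIN_BACKUP_RETENTION_DAYS:
        findings.append("backup retention below minimum")
    if not instance.get("DeletionProtection", False):
        findings.append("deletion protection disabled")
    return findings


# Constructed sample of two instance descriptions (not real AWS output).
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "PubliclyAccessible": True,
     "MasterUsername": "admin", "StorageEncrypted": False, "BackupRetentionPeriod": 0,
     "DeletionProtection": False, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
    {"DBInstanceIdentifier": "hr-prod", "PubliclyAccessible": False,
     "MasterUsername": "hr_owner", "StorageEncrypted": True, "BackupRetentionPeriod": 14,
     "DeletionProtection": True, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-private"}]},
]


def audit_all(instances=SAMPLE_INSTANCES, open_sgs=frozenset({"sg-open"})) -> Dict[str, List[str]]:
    """Map each instance identifier to its findings (empty list means clean)."""
    return {i["DBInstanceIdentifier"]: audit_rds_instance(i, open_sgs) for i in instances}

if __name__ == "__main__":
    for name, issues in audit_all().items():
        print(name, "->", "; ".join(issues) or "OK")
```

In a real deployment the instance list comes from `describe_db_instances()` and the open security group set from a separate check of `describe_security_groups()` ingress rules.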
2. Inappropriate access privileges for users

Another significant source of data loss is improper user access privileges. High-privilege accounts possess dangerous capabilities that can be exploited to steal data. It should go without saying that it is critical to account for and tightly control all accounts with elevated privileges. These are an attack vector for both insiders and outsiders.

What should you do?

  • Conduct regular reviews of access privileges to ensure they are accurate and appropriate.
  • Keep a close eye on user accounts with elevated privileges.
  • Conduct regular audits of user accounts and disable service and orphan accounts.
3. Incomplete data inventory

Security teams must be aware of the locations of sensitive data in order to protect it. The IT landscape of businesses is constantly evolving, particularly with the trend toward more cloud-based managed database services.

What should you do?

  • If you do not already have one, establish a data inventory tracking mechanism.
  • Conduct routine searches for new or changed data repositories.
  • Classify data according to its sensitivity level and keep track of where the most sensitive data resides.
4. Undetected security incidents

To respond effectively, security teams must notice the event indicators that point to a possible data loss incident. Even with the best tools this is a daunting task, akin to finding the proverbial needle in a haystack, and SOC operators also suffer from alert fatigue.

What should you do?

  • Clearly define access security policies – who can do what, when, and how.
  • Establish a mechanism for quickly receiving alerts when a security policy is violated, as well as a clear resolution process.
Best practices for preventing data loss

You've probably noticed that a good portion of the "should do" tasks listed above will put a significant strain on your security team. Along with domain expertise, the team must devote significant time and resource bandwidth to repetitive, time-consuming routines.

The most effective way to address these challenges is to leverage specialized database security tools that can assist your team as much as possible by automating repetitive tasks and providing out-of-the-box industry-leading domain expertise.
