Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

IT Security

By Steve Jones,

IT security is a concern for many businesses. At least that's what a survey at the recent Black Hat conference concluded. Most of the respondents couldn't be sure that a foreign state-sponsored attack had not occurred in their networks. About half of the people were not confident that their staff could even detect an attacker. That's a little scary as many of the people felt their systems might come under attack within the next year.

Digital technology has changed the world in many ways, but one of the most amazing to me is how it has leveled the environment in which all of us can interact. No longer does communication, publication, research, even war require the resources of a country or even a large organization. In the cyber world an individual can make as much impact as a large entity. As with most things, this is a double edged sword, and I'm sure many of us will find that vandalism, as well as malicious attacks on our systems will increase in the future.

However the threats, or perhaps the consequences, aren't severe enough yet. Most companies allow shoddy code, vulnerable to SQL Injection, to pervade their internal (and sometimes external) applications. Security training is limited, and review of third party applications is extremely lax. The respondents at Black Hat are making efforts, but those are a self-selective group. Most organizations would never send an employee to Black Hat events or even monitor the trends and information published by groups like SANS.

I do believe that security will become more and more of an issue. I suspect, however, that until businesses are liable, and decide to purchase insurance, we won't see much change. Once insurance premiums start to depend on the level of security you implement, I suspect we'll see the quality of application code increase.

 
Total article views: 144 | Views in the last 30 days: 1
 
Related Articles
FORUM

defending sql injection attacks

defending sql injection attacks

FORUM

Create security for an application.

How create security for an application ?

ARTICLE

Application Developers don’t own their data

As a data guy, I always smile when application developers refer to ‘their’ data. If only it were tha...

ARTICLE

An Extra Defense For SQL Injection Attacks

TDSe-cure is a proxy service to SQL Server to block SQL injection attacks.

ARTICLE

The Black Boxes

The world of machine learning and artificial intelligence are growing. Steve Jones notes this means ...

Tags
database weekly    
editorial    
 
Contribute