Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in

IT Security

By Steve Jones,

IT security is a concern for many businesses. At least that's what a survey at the recent Black Hat conference concluded. Most of the respondents couldn't be sure that a foreign state-sponsored attack had not occurred in their networks. About half of the people were not confident that their staff could even detect an attacker. That's a little scary as many of the people felt their systems might come under attack within the next year.

Digital technology has changed the world in many ways, but one of the most amazing to me is how it has leveled the environment in which all of us can interact. No longer does communication, publication, research, even war require the resources of a country or even a large organization. In the cyber world an individual can make as much impact as a large entity. As with most things, this is a double edged sword, and I'm sure many of us will find that vandalism, as well as malicious attacks on our systems will increase in the future.

However the threats, or perhaps the consequences, aren't severe enough yet. Most companies allow shoddy code, vulnerable to SQL Injection, to pervade their internal (and sometimes external) applications. Security training is limited, and review of third party applications is extremely lax. The respondents at Black Hat are making efforts, but those are a self-selective group. Most organizations would never send an employee to Black Hat events or even monitor the trends and information published by groups like SANS.

I do believe that security will become more and more of an issue. I suspect, however, that until businesses are liable, and decide to purchase insurance, we won't see much change. Once insurance premiums start to depend on the level of security you implement, I suspect we'll see the quality of application code increase.

Total article views: 143 | Views in the last 30 days: 4
Related Articles

defending sql injection attacks

defending sql injection attacks


Application Developers don’t own their data

As a data guy, I always smile when application developers refer to ‘their’ data. If only it were tha...


Create security for an application.

How create security for an application ?


An Extra Defense For SQL Injection Attacks

TDSe-cure is a proxy service to SQL Server to block SQL injection attacks.


Expect an Attack

Most companies in a recent survey expect to get hacked this year. Steve Jones wishes that the techno...

database weekly    

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones