What did come as a bit of a surprise is that the vast majority of respondents (73%) feel that most or all confidential data is adequately protected and more than half (56%) believe that it is unlikely that they will face a data breach - internal or external - within the next 12 months. Just 2% say that an internal or external breach in the next year is "inevitable".
These are some of the findings from a new survey (registration required) I helped conduct and write as part of my work with Unisphere Research and the International Sybase Users Group (ISUG). The research, underwritten by Application Security, Inc. (AppSec), covered 216 companies.
When you look at the survey results as a whole, some of the data just doesn't add up. On one hand, users feel that they are doing an effective job in providing data security for their organizations, yet the data from some of the more pointed questions yield answers that are in direct conflict with that notion. This false sense of security could very well prove to be the most significant finding across this user group survey.
The findings reveal that the greatest challenges or risks to database security are thought to come from insiders, via human error or abused privileges, as opposed to external hacker activity. Significant to the study was the representation from financial services organizations, which accounted for nearly 25% of the total respondents in this survey.
According to the report, 56% of the non-financial services respondents feel that human error represents the greatest challenge or risk to database security, while 24% state that abuse of privileges is the greatest threat. Showing the heightened awareness of the insider threat in the financial services marketplace specifically, 77% are mostly concerned with human error and nearly half (48%) are kept awake at night by the thought of insider privilege misuse.
Among the respondents aware of a data breach that occurred over the past months, two-thirds (66%) indicate that it was a result of either human error or an insider attack.
Other alarming findings suggest that most organizations are still not leveraging automated technology to handle complex database security activities, which can lead to significant wasted time and a far greater chance of human error caused by the tedious task of managing manual processes.
The database activities consuming the most time (with more than 25% of user time dedicated to the activity), according to the report, are: database configuration and patch management (28%), database audit and threat management/database activity monitoring (18%), database user rights management (17%), database asset management (14%), database vulnerability management (13%) and database policy management (11%).