Most IT security resources focus on protecting network equipment from hackers and breaches. Sounds good, but is it true? But most businesses agree that the data hackers most want is in databases and storage servers.
Oracle on Monday released a new study on IT security spending, which showed that most companies are allocating IT security resources to network equipment rather than servers that hold vast amounts of company and user data.
Of the 110 companies surveyed by Oracle -- ranging from financial services , government agencies to high-tech companies -- about 66 percent of respondents employed an "inside-out" strategy, which resources are used to protect the network layer. At the same time, less than a quarter of staff and budget resources are devoted to protecting core storage components, servers, applications and databases.
Only half of the respondents believe that databases are secure because they are deeply embedded in the protection of perimeter security devices.
Dropbox is an example. "The stolen passwords were used to access employees' Dropbox accounts, which contained project documents with users' emails and addresses," said Aditya Agarwal, vice president of Engineering at Dropbox in 2012 on her blog. Hackers don't have to dig deep -- they just have a key in their hands to get into Dropbox .
This is just one example. There are also many data breaches that are actually caused by negligent user passwords, not hackers exploiting zero-day vulnerabilities in company systems .
The report also mentions:
1.90% of respondents said their investment in IT security has remained the same or increased over the past 12 months.
2.40% of the respondents said that the unbalanced and fragmented protection methods make business, enterprise and user data vulnerable to threats and internal data leakage.
3. Nearly two-thirds of companies plan to increase their investment in IT security in the coming year.
4. More than one-third of organizations increase their IT security investments because of news coverage and negative news, not because of internally identified threats.
"Organizations can't continue to spend money in the wrong places," said Mary Ann Davidson , Oracle 's chief security officer . "When attackers breach their defenses, they can look for prioritized user access, vulnerable applications and over-access accounts." , exploiting weak links in the core system."
"So organizations should acquire the most fundamental permissions -- including database security, application security and identity management."
————————————————————————————————————
Chongqing Sizhuang's March 2018 OCP certification training weekend class is being taught face-to-face, welcome to contact for audition! The new OCP weekend class will start on April 1, and registration is hot! For more details, visit the Sizhuang website to consult online customer service.