We all know that security is an issue that we have to pay attention to. At least, those technical people that feel responsible for the security of their systems feel this way. However a short article referencing a DBA survey shows that the rest of the business might not be in sync with the technical people.
I think most DBAs don’t know what a data breach would cost their company. I’m sure that’s not a number that most places I have worked would even bother calculating. Of course, most places probably would have no clue if there were a data breach in the first place.
This puts many technical people in a bad position. They want to do a good job, but management often wants to just give lip service to security. When it comes down to it, the performance, availability and convenience of database servers is much more important than good security to many companies. From allowing access for developers or applications with privileged accounts to preventing password changes because of hard coded entries, it seems that companies aren’t that concerned about security in many cases.
Ultimately some external force is needed for us to make security a priority. It could be through regulation, insurance from lawsuits, or something else, but I don’t have any confidence that companies are going to take security seriously. However you can do some little things yourself, like making sure there are no default passwords open on your systems.