From Vandalism to Serious Crime

It seems that there are relatively few very talented hackers that can break into your systems. The vast majority of data breaches and issues are from one of two attack vectors: social engineering or script kiddies. Social engineering is hard to fight, especially in large companies where everyone doesn’t know everyone. Script kiddies are more numerous since they don’t need any talent and merely deploy scripts written by others to attack your systems.

Recently it seems that there have been quite a few hacker attacks on systems, often using fairly simple SQL Injection techniques, that aren’t vandalism, and aren’t for profit. These attacks are motivated by hackers who are offended by the companies or organizations and are standing up for customers. That might be worrisome to DBAs and data professionals since you can’t hide data breaches if the attackers publicly post the data they’ve copied and you will certainly receive some of the blame for any breach of security.

In the past it seemed most attacks were DDOS attacks, which were embarrassing for IT folks, but not overly damaging in the long term. The last year or two, however, the attacks have turned to the copying of data and its release. Embarrassing for the company and potentially costing it business, but also worrisome for the system administrators who might be held accountable and possibly lose their jobs.

These days when there is never enough time to test and resources for security are sparse, what is a technical professional to do? One would hope that we would not be held responsible when we cannot perform adequate testing of applications, or we cannot implement strong security, but that is not what happens. We are blamed for being too slow to deploy applications, blamed if security impedes access in any way, and assuredly blamed if there is any successful hack of our systems.

In my mind each technology worker should educate themselves on recommended security techniques and request those techniques be implemented. They might not be, but the documentation that you attempted to do so might save your job.

Steve Jones


The Voice of the DBA Podcasts

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.

1 Response to From Vandalism to Serious Crime

  1. Tim Radney says:

    Great topic. IT is fortunate that the majority of these breaches are for public shame and not malicious. I fear that will not last long.

    Like

Comments are closed.