Skip to main content

Nearly half of all on-premises databases have unpatched vulnerabilities

Best cloud databases
(Image credit: Pixabay)

Almost half of all on-prem database around the world contain some form of known, addressable security vulnerabilities, over half of which were ranked as high or critical severity. according to a new survey.

Conducted over five years by cybersecurity vendor Imperva, the survey scanned around 27,000 databases, finding 46% contained vulnerabilities at an average of 26 vulnerabilities per database.

“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data,” observed Elad Erez, Imperva's Chief Innovation Officer.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Erez adds that owing to the large number of vulnerable on-prem databases, it shouldn’t be a surprise if there’s an increase in the number of reported breaches.

Lack of security awareness

Regional analysis reveals that France tops the list with 84% of the databases being vulnerable with an average of 72 vulnerabilities per database. The UK clocks in at the fourth position with 61% of vulnerable databases at an average of 37 vulnerabilities per database.

Imperva argues that since a majority of the scanned databases handle some of the most sensitive data, including that related with financial transactions, keeping them vulnerable to cyberattacks is a risky proposition not just for the organization, but for their customers as well.

“Whether it’s down to the perceived difficulty of fixing these vulnerabilities, or not even knowing how exposed databases are, organizations are quite simply making it far too easy for attackers,” Imperva believes.

And since the real issue is a lack of security awareness, the company suggests that there’s no guarantee that moving to the cloud will improve matters, since it might just mean that businesses are simply swapping “one set of mistakes for another.”

Instead, Erez suggests that businesses must respond by devising a comprehensive security strategy that’s built around the protection of data irrespective of where it exists. 

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.