Nearly half of all on-premises databases have unpatched vulnerabilities

News
By published

Simply transitioning to the cloud may not be the answer

Best cloud databases
(Image credit: Pixabay)

Almost half of all on-prem database around the world contain some form of known, addressable security vulnerabilities, over half of which were ranked as high or critical severity. according to a new survey.

Conducted over five years by cybersecurity vendor Imperva, the survey scanned around 27,000 databases, finding 46% contained vulnerabilities at an average of 26 vulnerabilities per database.

“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data,” observed Elad Erez, Imperva's Chief Innovation Officer.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Erez adds that owing to the large number of vulnerable on-prem databases, it shouldn’t be a surprise if there’s an increase in the number of reported breaches.

Lack of security awareness

Regional analysis reveals that France tops the list with 84% of the databases being vulnerable with an average of 72 vulnerabilities per database. The UK clocks in at the fourth position with 61% of vulnerable databases at an average of 37 vulnerabilities per database.

Imperva argues that since a majority of the scanned databases handle some of the most sensitive data, including that related with financial transactions, keeping them vulnerable to cyberattacks is a risky proposition not just for the organization, but for their customers as well.

“Whether it’s down to the perceived difficulty of fixing these vulnerabilities, or not even knowing how exposed databases are, organizations are quite simply making it far too easy for attackers,” Imperva believes.

And since the real issue is a lack of security awareness, the company suggests that there’s no guarantee that moving to the cloud will improve matters, since it might just mean that businesses are simply swapping “one set of mistakes for another.”

Instead, Erez suggests that businesses must respond by devising a comprehensive security strategy that’s built around the protection of data irrespective of where it exists. 

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
API
Businesses are being plagued by API security risks - with nearly 99% affected
Holographic representation of cloud computing over open businessman&#039;s hand
Businesses are struggling to address vulnerabilities hidden in phantom dependencies
Classroom
Many schools still don’t have basic cybersecurity measures, research reveals
Data Breach
Thousands of widely-used public workspaces are leaking data
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
Third-party data breaches have become a major security concern
Latest in Pro
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Adobe Firefly
Adobe launches game-changing GenAI tools for video editing
Adobe AI agents
Adobe launches 10 new AI agents to automate key marketing workflows
Data leak
Top California sperm bank suffers embarrassing leak
Latest in News
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
Google Pixel 9a
Google is delaying the Pixel 9a to fix a mystery “component quality issue”
The bottom left corner of an Android phone, showing the Phone, Messages, Google icons and Google Search bar
Google Messages remote delete will soon save you from texting embarrassment – and here's how it works
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years
The Nanoleaf PC Screen Mirror Lightstrip being used on a desktop computer.
Mac gaming could get an intriguing boost – but not in the way you'd expect
Snapdragon G Series
Qualcomm poised to muscle in on AMD's territory with powerful gaming handheld processors
More about pro
Data center server room lit with green lights

Microsoft is MIA as Amazon, Meta, Google and others join consortium to triple nuclear energy output by 2050
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X

A worrying Apple Password App vulnerability reportedlyleft users exposed for months
Tim Cook

The EU wants Apple to open iOS to competitors and this is the mother of all bad ideas
See more latest
Most Popular
The bottom left corner of an Android phone, showing the Phone, Messages, Google icons and Google Search bar
Google Messages remote delete will soon save you from texting embarrassment – and here's how it works
Data center server room lit with green lights
Microsoft is MIA as Amazon, Meta, Google and others join consortium to triple nuclear energy output by 2050
Thrustmaster Sol-R flight stick
Thrustmaster announces the Sol-R 1 and Sol-R 2 HOSAS flight sticks designed for space sims like Elite Dangerous
Image of AC Shadows cover art &amp; Steam Deck
It's not perfect, but Assassin's Creed Shadows' performance is impressive - it runs smoothly on the Steam Deck and Asus ROG Ally
Google Pixel 9a
Google is delaying the Pixel 9a to fix a mystery “component quality issue”
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
The new KontrolFreek Call of Duty Performance Thumbsticks on a purple background.
Exclusive: the new KontrolFreek Call of Duty Performance Thumbsticks Speed Cola Edition might be the coolest looking yet and come with a limited in-game item
David running in the desert in House of David.
Prime Video’s hit new historical drama will continue its reign for another season as House of David gets renewed
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years