SAN DIEGO, June 10, 2014 -- Privacy and information security research firm Ponemon Institute, along with DB Networks, an innovator of behavioral analysis in database security, today announced the results of the Ponemon Institute’s study on the recent U.S. retailers breaches. The study found most respondents agreed that continuous monitoring of database networks is the best approach to avoid breaches such as the high-profile attacks against Target, Michaels and other U.S. retailers. Furthermore, more than half (57 percent) of respondents believed that the attacks against the U.S. retailers involved SQL injection as one of the components of the attacks.
“The SQL Injection Threat & Recent Retail Breaches” report was independently conducted by the Ponemon Institute, one of the world’s foremost authorities on data security and privacy. The research was conducted to gain a deeper insight into the recent U.S. retailers breaches, including to better understand why these retailers were so vulnerable, what security countermeasures could have been employed, and who was likely responsible for the attacks. The study analyzed responses from 595 IT security experts in the United States working across a broad spectrum of industries and also the public sector. “The SQL Injection Threat & Recent Retail Breaches” study respondents are very familiar with the security compliance requirements for retailers who accept payment cards, and 69 percent of the respondents indicated their organization must comply with Payment Card Industry Data Security Standard (PCI DSS).
“While details of the recent retailers breach haven’t yet been fully disclosed by the retailers who were breached or the U.S. Secret Service in charge of breach investigations, this study offers some interesting industry insight into these events from IT security professionals and experts familiar with PCI DSS,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute.
For a copy of the study, see: http://www.dbnetworks.com/form/Ponemon_SQL_Injection_Threat_And_Recent_Retail_Breaches.htm
Additional key findings of the study include:
• Fifty-three percent of respondents in total indicated that breach notification should occur within a month
• Initial reports were that a Russian teenager was the perpetrator of the Target breach, however half the respondents felt that it was actually the work of a cyber criminal syndicate. Only 15 percent responded that a lone wolf hacker was the likely culprit, while 11 percent responded that nation-state actors were likely responsible.
• While most respondents believed that the attacks against the retailers databases involved SQL injection, almost half of the respondents said the SQL injection threat also facing their own organization is very significant. (continued...)