An unfortunate and common problem that is encountered just about everywhere in the world is the theft of valuable items from their owners by individuals who can best be described as criminals. It’s a recurring theme that may be an intrinsic aspect of human nature that we may someday learn to control as a society. Until that time comes, we will need to continue to use locks and other protective measures to make it difficult for thieves to operate successfully.
One of the most valuable items that organizations possess these days is their enterprise data resources. In many cases, the loss of these resources can cripple a company and make it impossible for them to maintain operations. Unfortunately, the damage is often not restricted to the entity that has lost the information. Due to the prevalence of personal and sensitive data that is part of enterprise information assets, many individuals have to deal with the aftermath of stolen or compromised corporate data.
Recent Data Breaches of Note
You may not be aware of the scope of the data breach problem unless you make it a point to frequent security websites on the Internet. Data breaches do not always make headlines in the print or electronic media sources that you use to keep up on world events. Entities affected by an enterprise data breach are not especially motivated to draw attention to the fact. There are reporting standards that should be followed, but there have been instances where companies try to coverup the breach rather than notify the affected parties.
Here are some recent data breaches that highlight the problem and should serve as an incentive for IT departments everywhere to take the issue seriously.
Barnes & Noble
The major book retailer was first made aware of their data being breached on October 10th. The compromised information includes customers’ personal information such as email addresses and transaction history. The company believes that no payment information was stolen in the data breach. They have informed customers to be aware of suspicious emails that could be generated by the perpetrators in attempts to obtain further data from the affected individuals.
OSF Healthcare operates 14 hospitals and 30 urgent care centers in Illinois and Michigan. A breach that occurred between February 7th and May 20th has exposed patient information including names, addresses, phone numbers, email addresses, treatment facilities, birthdays, and treating physicians. While more sensitive data such as social security numbers and financial information was not compromised, the data that was lost can cause problems for those patients. The breach can be traced to software supplier Blackbaud who has been implicated in other data loss situations.
Dickey’s Barbecue Pit
Dickey’s is the largest barbecue chain in the United States and it has been hacked with personal data including payment card details of over three million customers being stolen. Information was apparently collected directly from the chain’s point-of-sale systems. The data of anyone who patronized the restaurants between July 2019 and August 2020 is at risk. A cybersecurity firm found the stolen credit cards on a hacker forum. It appears that restaurants in California and Arizona are most at risk, so customers who used those locations need to take precautions. The stolen cards were being sold for $17 on the dark web.
These are just a few of the many incidents of data breaches that have occurred over the past year. They illustrate the range of targets which can essentially be any organization that stores sensitive data. There is no market sector that is immune to this growing and potentially devastating problem.
Protecting Your SQL Server Environment
Protecting the personal and sensitive data stored in your SQL Server databases is a vitally important component of eliminating the risk of data breaches. It is one aspect of an overall security mindset that should include securing your network and ensuring that only authorized personnel have access to enterprise data.
IDERA’s SQL Secure can help keep your SQL Servers safe from data breaches and protect your organization from the type of negative publicity associated with them. It is a full-featured security solution that will strengthen your physical and virtual SQL Servers no matter where they are located. The tool is equally effective for on-premises implementations, cloud instances, and hybrid combinations of virtual and physic machines.
You can create policies, view risks and assessments, and monitor your systems from a centralized console for easier enterprise management. All security data is stored in a central repository to facilitate analysis and reporting. User permissions can be audited and analyzed using a flexible grid view. One of the biggest risks to sensitive data is, unfortunately, the presence of insider threats coming from unscrupulous or careless employees.
Using the functionality of SQL Secure, you can drill down and analyze database permissions to make sure that only the right people are accessing sensitive data. You can view database roles and identify users who have weak passwords that can easily be compromised. If your organization makes use of SQL Servers to store personal and sensitive data, you should look at how SQL Secure can help you keep them safe.