BreachExchange mailing list archives

Barclays: 97 percent of data breaches still due to SQL injection


From: security curmudgeon <jericho () attrition org>
Date: Fri, 20 Jan 2012 02:52:33 -0600 (CST)


[I am pretty sure DatalossDB.org would disagree with that number. I wonder if Jones cites a source for that statistic in the presentation at the Infosecurity Europe Press Conference. The TechWorld article doesn't appear to mention an original source or challenge the figure in any way. - jericho]


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-sql-injection/

By Sophie Curtis
Techworld
19 January 2012

SQL injection attacks have been around for more than ten years, and security professionals are more than capable of protecting against them; yet 97 percent of data breaches worldwide are still due to an SQL injection somewhere along the line, according to Neira Jones, head of payment security for Barclaycard.

Speaking at the Infosecurity Europe Press Conference in London this week, Jones said that hackers are taking advantage of businesses with inadequate and often outdated information security practices. Citing the most recent figures from the National Fraud Authority, she said that identity fraud costs the UK more than £2.7 billion every year, and affects more than 1.8 million people.

"Data breaches have become a statistical certainty," said Jones. "If you look at what the public individual is concerned about, protecting personal information is actually at the same level in the scale of public social concerns as preventing crime."

SQL injection is a code injection technique that exploits a security vulnerability in a website's software. Arbitrary data is inserted into a string of code that is eventually executed by a database. The result is that the attacker can execute arbitrary SQL queries or commands on the backend database server through the web application.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
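
The mechanism the forwarded article describes (data inserted into a string that the database then executes), shown next to the parameterized form that prevents it. This is an added example, not part of the original post or the TechWorld article; the table, column names and rows are constructed, and SQLite stands in for the backend database.

```python
import sqlite3

# Constructed sample rows, for illustration only.
ROWS = [("alice", "ref-0001"), ("bob", "ref-0002"), ("o'brien", "ref-0003")]


def make_db():
    """Build a throwaway in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cardholders (name TEXT, card_ref TEXT)")
    conn.executemany("INSERT INTO cardholders VALUES (?, ?)", ROWS)
    return conn


def lookup_concatenated(conn, name):
    # Vulnerable pattern: the input becomes part of the SQL text,
    # so the database parses it as code rather than as a value.
    sql = "SELECT name, card_ref FROM cardholders WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # Hardened pattern: the statement is fixed and the input is bound
    # as a value, so quotes in it are never parsed as SQL.
    sql = "SELECT name, card_ref FROM cardholders WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups on the same input and return (unsafe, safe)."""
    conn = make_db()
    try:
        unsafe = lookup_concatenated(conn, name)
    except sqlite3.OperationalError as exc:
        # A stray quote in ordinary data breaks the concatenated statement.
        unsafe = "error: %s" % exc
    safe = lookup_parameterized(conn, name)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    for value in ("alice", "o'brien", "nobody' OR '1'='1"):
        unsafe, safe = compare(value)
        print("%-22r concatenated=%r" % (value, unsafe))
        print("%-22s parameterized=%r" % ("", safe))
```

The second input is ordinary data, not an attack: a query that fails on a surname containing an apostrophe is a quick sign during code review or testing that input is reaching the SQL text.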
