It seems that there are relatively few very talented hackers that can break into your systems. The vast majority of data breaches and issues are from one of two attack vectors: social engineering or script kiddies. Social engineering is hard to fight, especially in large companies where everyone doesn't know everyone. Script kiddies are more numerous since they don't need any talent and merely deploy scripts written by others to attack your systems.
Recently it seems that there have been quite a few hacker attacks on systems, often using fairly simple SQL Injection techniques, that aren't vandalism, and aren't for profit. These attacks are motivated by hackers who are offended by the companies or organizations and are standing up for customers. That might be worrisome to DBAs and data professionals since you can't hide data breaches if the attackers publicly post the data they've copied and you will certainly receive some of the blame for any breach of security.
In the past it seemed most attacks were DDOS attacks, which were embarrassing for IT folks, but not overly damaging in the long term. The last year or two, however, the attacks have turned to the copying of data and its release. Embarrassing for the company and potentially costing it business, but also worrisome for the system administrators who might be held accountable and possibly lose their jobs.
These days when there is never enough time to test and resources for security are sparse, what is a technical professional to do? One would hope that we would not be held responsible when we cannot perform adequate testing of applications, or we cannot implement strong security, but that is not what happens. We are blamed for being too slow to deploy applications, blamed if security impedes access in any way, and assuredly blamed if there is any successful hack of our systems.
In my mind each technology worker should educate themselves on recommended security techniques and request those techniques be implemented. They might not be, but the documentation that you attempted to do so might save your job.
Steve Jones
The Voice of the DBA Podcasts
- Watch the Windows Media Podcast - 20.4MB WMV
- Watch the iPod Video Podcast - 15.8MB MP4
- Watch the MP3 Audio Podcast - 3.7MB MP3
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed: or now on iTunes!
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
You can also follow Steve Jones on Twitter: