Survey: Banks hit by most database breaches

Database software developers in the banking and finance industries reported more security breaches than database developers in any other industry polled in a survey released Monday.

Of 700 database developers polled who work for U.S.-based corporations and software development firms, 12 per cent said the databases they support experienced a security breach within the last year, according to the survey from market research company Evans Data Corp.

The survey, which was conducted in December, characterized security breaches with three general definitions: a computer virus that successfully corrupts or erases data in a database, a human error that leaves a database corrupted or an unauthorized break-in to a database. Of those methods of breach, computer viruses were said to be most commonly at fault, according to Joe McKendrick, an analyst with Evans Data.

Roughly 27 per cent of the developers surveyed in the banking and financial services industries said they had experienced a security breach last year. In the medical and health care industry, 18 per cent of database developers said they had experienced a breach. An equal percentage of developers in the telecommunications industry reported breaches.

Meanwhile, 12 per cent of the developers working for electronic commerce and other Internet companies reported security snafus. Breaches occurred among nine per cent of those developers polled from the government and military sector.

The database developers who took part in the survey use database software from a variety of vendors. The most used applications include Microsoft Corp.’s SQL Server, IBM Corp.’s DB2 and database software from Sybase Inc. and Oracle Corp. Roughly 70 per cent of the developers who took part in the survey said they support databases from two or more of these vendors.

In addition to security protection with firewalls and network authentication, databases typically include built-in security features such as data encryption. However, only 37 per cent of the respondents said they make use of the built-in security features.

“Major vendors have done a fantastic job of incorporating various levels of security features and tools,” McKendrick said. “If these features are used, it provides a good level of security.”

During the year, some reported database security glitches included a hole in Microsoft’s SQL Server that left it vulnerable to hackers during a short period after a user logs off of the database. Another hole was found in Microsoft’s database software in December that left it vulnerable to a denial-of-service attack. Also in June, the Covert Labs division of PGP Security discovered a flaw in Oracle’s Oracle8i database that left it vulnerable to hack attacks.

Of the 700 developers polled by the market research company, one quarter work at companies with more than 1,000 employees. Seventy per cent of the database developers work in-house at corporations; the other 30 per cent work at software development companies.

Evans Data, in Santa Cruz, Calif., is at