While perimeter, cloud and mobile security tend to grab the headlines, in reality it’s the database repositories and the private financial information stored in databases that are the actual targets of most breaches. Comprehensive database security is commonly an overlooked area within financial services organizations, yet one of the most critical.


Databases pose a unique security challenge for banks and financial institutions of all sizes. The database infrastructure at financial services companies is usually quite extensive with many databases remaining unknown, unmonitored, or simply left completely unmanaged and worse, unsecured. It’s a common mistake for financial services organizations to have limited visibility into their database infrastructure, providing an open avenue for cyberattackers. Once inside the database infrastructure, an attacker can easily operate strategically and remain undetected, stealing records, compromising credentials and installing malware over many months.


In fact, according to KPMG’s 2016 Banking Outlook Survey published earlier this year, approximately 47% of banking EVPs and managing directors, as well as 72% of SVPs, reported they do not have insight into whether their institution’s security has been compromised by a cyberattack over the past two years. These numbers are alarming and point to a critical need for securing and monitoring databases. Any attack that reaches the core networks can put the financial institution databases and private information at extreme risk.


With breaches increasing at an alarming rate, it’s important for financial organizations to follow thorough data stewardship practices and continuously monitor all of their databases – from their initial deployment, throughout their lifecycle and into their retirement when the database is decommissioned. Monitoring needs to be detailed down to the table level to completely understand the database security profile, data ownership, purpose of the data and any changes to the data stores. Without an in-depth understanding of every database and detailed knowledge of the private data residing in databases throughout the network, it is impossible to keep data secure and prevent a serious breach. IT security personnel need to put the proper tools, policies and procedures in place.


The process starts with a comprehensive assessment of the database infrastructure. It is recommended to use non-intrusive monitoring tools to identify every database on the network and every application or user that is accessing them. Further, the database’s business purpose needs to be documented, the nature and sensitivity of the data stored in the databases determined, and proper retention policies established. It is also important to know what will be done with each database when its retention time has expired. Zombie databases that should have been decommissioned long ago are an open opportunity for attack because the database may not be properly patched, credentials may not have been updated and no one is actively monitoring the database activity.


Once policies are established and the verification of all databases is complete, financial organizations should then continuously monitor these databases throughout their lifecycle to ensure policies and procedures are updated and effectively enforced. The key to stopping serious data breaches is paying specific attention to who is using or accessing a database, how it’s being used and identifying key changes in use patterns. Identification of an unknown user or uncommon usage pattern may be a sign that there’s a malicious attacker on the network.


Zombie databases are particularly vulnerable to insider threats, advanced persistent threats and compromised credentials. Attackers can use them as an open door to get access to other databases and potentially private financial information across the network.


In a similar fashion, rogue databases can present a large and very high-risk attack surface as well. These one-off databases may have been commissioned during the development phase of a new application and connected to the network without the IT team being aware of their existence. While developers may think they are doing something innocuous, without IT going through the proper lifecycle steps, the data won’t be properly protected. Private data on these rogue databases resides outside the scope of the security team, leaving the organization highly vulnerable. Without intelligent monitoring to identify when a new database is active on the network and to check the database against current data asset inventory, it’s not possible to properly secure its data.
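The inventory check described above, together with the earlier points on zombie databases and unknown users, can be sketched as a reconciliation between the data asset inventory and what passive monitoring observes. This is an added example, not code from the author or any product; the record layout, field names, addresses and user names are all constructed assumptions.

```python
from datetime import date

# Constructed asset inventory: one record per approved database (sample data).
INVENTORY = {
    ("10.0.5.10", 1433): {"owner": "core-banking", "retire_by": date(2030, 1, 1),
                          "users": {"svc_core", "dba_amy"}},
    ("10.0.5.22", 3306): {"owner": "loan-pilot", "retire_by": date(2015, 6, 30),
                          "users": {"svc_loans"}},
    ("10.0.5.40", 1521): {"owner": "archive", "retire_by": date(2030, 1, 1),
                          "users": {"svc_arch"}},
}

# Constructed passive-monitoring observations: (day, db_ip, db_port, db_user).
OBSERVED = [
    (date(2016, 9, 1), "10.0.5.10", 1433, "svc_core"),
    (date(2016, 9, 1), "10.0.5.10", 1433, "tmp_admin"),  # user not in inventory
    (date(2016, 9, 2), "10.0.5.22", 3306, "svc_loans"),  # traffic after retire_by
    (date(2016, 9, 2), "10.0.9.77", 5432, "dev_bob"),    # database not in inventory
]

def reconcile(inventory, observed):
    """Return sorted (kind, ip, port, detail) findings for review."""
    findings = set()
    seen = set()
    for day, ip, port, user in observed:
        seen.add((ip, port))
        record = inventory.get((ip, port))
        if record is None:
            # Rogue: live on the network but never went through the lifecycle.
            findings.add(("rogue", ip, port, f"not in inventory, user {user}"))
            continue
        if day > record["retire_by"]:
            # Zombie: retention expired but the database still serves traffic.
            findings.add(("zombie", ip, port, f"active after {record['retire_by']}"))
        if user not in record["users"]:
            findings.add(("unknown_user", ip, port, f"user {user} not approved"))
    for (ip, port), record in inventory.items():
        if (ip, port) not in seen:
            # Inventoried but silent: retirement candidate or a monitoring gap.
            findings.add(("unused", ip, port, f"no traffic, owner {record['owner']}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in reconcile(INVENTORY, OBSERVED):
        print(*finding, sep=" | ")
```

An "unused" finding is ambiguous by design: it means either the database can be retired or the monitoring point does not see its traffic, and both need follow-up.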


With so much attention focused on securing the perimeter, mobile devices and the cloud, financial services IT teams risk ignoring the security of their organizations’ crown jewels – all of the databases residing on their network. In order to prevent a serious data breach, every database needs to be identified, inventoried, continuously monitored and retired if not in use. It’s extremely critical for the protection of sensitive information for IT teams to be aware of who is accessing a database, what each database is used for, and to ensure data is protected for the lifetime of the database. Without a comprehensive database monitoring model in place, financial institutions run the risk of a serious breach of information and becoming front page news.


Steve Hunt is president and COO for DB Networks. He can be reached at 800-598-0450 or [email protected].
