Banks take brunt of database breaches
- 30 January, 2002 08:10
A new survey has found the banking and finance sector suffers more database security breaches than any other industry forcing Australia's biggest players to beef up security practices.
Personal investment giant AMP, which has 6000 employees, is in the process of tightening security on database applications from 128-bit encryption to 256-bit encryption.
Referring to the US survey of 700 database developers who work for companies with more than 1000 employees, an AMP e-business analyst said the company is "very tight on application security across the board and we're constantly upgrading our software".
He said the company runs database applications like Oracle, SQL Server and Lotus Domino upgrading regularly "purely for security reasons".
The analyst said there has been no attempt at database breaches in the past year, but unsuccessful hacking attempts on its Web sites had hit the company during this period.
"The only problem we've had with database security is that we get a lot of e-mail viruses coming in, like the Anna Kournikova virus last year," the analyst said.
The survey, which was conducted in December by market researcher Evans Data, found nearly 30 per cent of developers in the banking and financial services sector said they had experienced a security breach last year. This was followed by the medical and health care industry.
It characterised security breaches with three general definitions: a computer virus that successfully corrupts or erases data in a database; a human error that leaves a database corrupted; or an unauthorised break-in to a database.
Of those methods of breach, computer viruses were said to be most commonly at fault, according to Joe McKendrick, an analyst with Evans Data.
The database developers who took part in the survey use database software from a variety of vendors. The most used applications include Microsoft's SQL Server, IBM's DB2 and database software from Sybase and Oracle.
About 70 per cent of the developers who took part in the survey said they support databases from two or more of these vendors.
In addition to security protection with firewalls and network authentication, databases typically include built-in security features such as data encryption. However, only 37 per cent of the respondents said they make use of the built-in security features.
Matt Berger contributed to this article.