Businesses Still Beset by SQL Injection Attacks
Each SQL injection breach took an average of nearly 140 days to discover and required an additional 68 days on average to remediate, Ponemon found.
Nearly two-thirds (65 percent) of respondents had experienced SQL injection attacks that successfully evaded their perimeter defenses in the past 12 months, according to a report from security research firm Ponemon Institute and database security analyst DB Network. Furthermore, each SQL injection breach took an average of nearly 140 days to discover and required an additional 68 days on average to remediate.
The study, which analyzed responses from 595 IT security practitioners in the United States working across a broad spectrum of industries and also the public sector, was conducted to determine the challenges facing organizations around the pervasiveness of SQL injection attacks, and opinions on how to stop these threats.
"We believe this is the first study to survey the risks and remedies regarding SQL injection attacks, and the results are very revealing," Larry Ponemon, founder and chairman of the Ponemon Institute, said in a statement. "It is commonly accepted that organizations believe they struggle with SQL injection vulnerabilities, and almost half of the respondents said the SQL injection threat facing their organization is very significant, but this study examines much deeper issues."
For example, the report found that only one-third of those surveyed (34 percent) agreed or strongly agreed that their organization presently had the technology or tools to quickly detect SQL injection attacks.