[ISN] Barclays: 97 percent of data breaches still due to SQL injection

From: InfoSec News <alerts_at_nospam>
Date: Fri Jan 20 2012 - 08:44:45 GMT

By Sophie Curtis
19 January 2012

SQL injection attacks have been around for more than ten years, and
security professionals are more than capable of protecting against them;
yet 97 percent of data breaches worldwide are still due to an SQL
injection somewhere along the line, according to Neira Jones, head of
payment security for Barclaycard.

Speaking at the Infosecurity Europe Press Conference in London this
week, Jones said that hackers are taking advantage of businesses with
inadequate and often outdated information security practices. Citing the
most recent figures from the National Fraud Authority, she said that
identity fraud costs the UK more than £2.7 billion every year, and
affects more than 1.8 million people.

“Data breaches have become a statistical certainty,” said Jones. “If you
look at what the public individual is concerned about, protecting
personal information is actually at the same level in the scale of
public social concerns as preventing crime.”

SQL injection is a code injection technique that exploits a security
vulnerability in a website's software. Arbitrary data is inserted into a
string of code that is eventually executed by a database. The result is
that the attacker can execute arbitrary SQL queries or commands on the
backend database server through the web application.
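
The mechanism described above, shown as an added example that is not part of the original article: the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, column names, sample rows and input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (owner TEXT, last4 TEXT)")
    db.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("o'brien", "3333")],
    )
    return db

def lookup_concatenated(db, owner):
    # Vulnerable pattern: the input becomes part of the SQL text, so the
    # database cannot tell the developer's query apart from the data.
    sql = "SELECT owner, last4 FROM cards WHERE owner = '" + owner + "' ORDER BY owner"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, owner):
    # Hardened pattern: the SQL text is fixed and the input is bound as a
    # value, so quotes inside it are never parsed as SQL.
    sql = "SELECT owner, last4 FROM cards WHERE owner = ? ORDER BY owner"
    return db.execute(sql, (owner,)).fetchall()

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that closes the quoted string
    results = {
        "concat_crafted": lookup_concatenated(db, crafted),    # every row
        "param_crafted": lookup_parameterized(db, crafted),    # no rows
        "param_apostrophe": lookup_parameterized(db, "o'brien"),
    }
    try:
        # A legitimate name containing a quote breaks the concatenated query.
        lookup_concatenated(db, "o'brien")
        results["concat_apostrophe_error"] = False
    except sqlite3.OperationalError:
        results["concat_apostrophe_error"] = True
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The syntax error on the legitimate name "o'brien" is a useful review and log signal: a query that fails on an apostrophe is being assembled from input rather than bound to it.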


