The Importance Of Security Awareness Training For An...

Abstract The purpose of this paper is to identify common and severe threats to an organization’s database regardless of the size of the company. As well as the techniques that can be used to mitigate the weaknesses and reduce the threats to the database. Lastly this paper will cover the importance of security awareness training. Introduction In the world of technology, information is becoming increasingly available, which is mainly due to the increasing capabilities of databases. Every company regardless of size relies on databases to store and organize data for easy retrieval when needed. Databases are very critical to just about very organization and individual in the modern world. Everyone interacts with databases either indirectly or†¦show more content†¦Threats There are a number of threats that can potential bring an organization to its knees, costing companies millions of dollars in damages and loss of future revenue. Many threats can come from black hat hackers attacking a business’s infrastructure, however, some threats can even come from employees. Either way it is the companies responsibility to protect the information stored and processed on its databases. Regardless of how the threat presents itself, whether internally from a malicious user or accidentally from a new employee, or from outside threats using injection attacks to the application running on the database. Some of the common or know types of attacks or threats to a database are SQL injection, Buffer overflows, malware, and the average user. All of these attacks and threats can cripple a company’s network and ruin its reputation. SQL Injection SQL injections used by an attacker to gain access to information on an organizations database through an organization’s own application. SQL injections are designed to exploit weakness with the data fields of the application, allowing an attacker to input commands and codes to obtain the information on the database. Information like usernames and passwords, or even actually data stored on these databases. This attack has been around for years, yet according to OWASP SQL injections are the number one threat to companies in 2013. The reason this attack has made it to the top of the list, is