Cyber Attack Number 6/15: SQL injection

It sounds sophisticated, but this is often such a simple attack that anyone could do it. SQL is a common language used to query and manage databases.

Example: you run an e-commerce website, selling products/services. You haven’t put the necessary protections in place, so when a hacker discovers a vulnerability, they use your web form to query your customer database. From here, they can potentially download your entire customer list, and perhaps even delete it afterwards. You can imagine the catastrophic fallout if your customers’ personal information and credit card details fall into the wrong hands.

Risk Mitigation: the good news is that as simple as an SQL injection attack is, it’s equally simple to put measures in place to mitigate your risk of an attack.

If you’re not sure, speak to your web designer or IT staff, and ask if this is something they actively manage and prioritise. Perhaps even get a second opinion.

Target, Yahoo, Zappos, Equifax, Epic Games, TalkTalk, LinkedIn, and Sony Pictures are all examples of companies that have been hacked using an SQL Injection attack.

Image source: Inc.
