How Long Does It Take To Recover From An SQL Injection Attack?

SQL injections are a popular form of attack that exploits vulnerabilities in applications. This type of attack commonly targets web applications used by companies and, as Kelly Jackson Higgins of Dark Reading reports, it can take months to discover the attack and mitigate it.

Over the past year, SQL injections have been discovered at 65-percent of organizations polled. This is a common form of attack that can be used on networks of any size, from businesses large and small to even homes. On average, these attacks take 9-months from the time the attack occurs initially to the time a company fully recovers. Much of that time, about 140-days on average, is spent not knowing the SQL injection is even taking place. In fact, nearly half of companies that have been the victim of these attacks say it’s taken a minimum of 6-months to detect them.

The respondents in the study were made up of 595 IT professionals working for both commercial and government organizations in the US. The issue, it seems, is that most businesses don’t test third party applications for potential vulnerabilities. Considering the vital nature of third party applications for many businesses, this is a costly misstep. Many businesses also continue to rely on signature-based security. This leaves them vulnerable to attacks that have not yet been spotted and categorized. For cutting edge and more intelligent attacks, a shift to behavioral analysis based tools is needed.

Making matters worse is the growing trend of mobile devices using a company’s network. Many of the surveyed IT professionals agreed that these devices made it harder to find the source of the SQL injections.

SQL injections are a real threat and while more and more businesses are aware of them, more needs to be done to protect against them.

For help protecting against costly attacks on your network or recovering from one, call Geek Rescue at 918-369-4335.