While SQL injection attacks typically make up 20 percent of attacks aimed at other medium-sized markets, Alert Logic has found that SQL injection attacks account for 90 percent of attacks logged against its financial clients over the past quarter.
The overwhelming number of SQL injection attacks aimed at financial services firms is further evidence of the specific targeting of medium-sized financial firms by hackers and criminal organizations. In the past, most email-borne IT threats were designed to hit as many companies as possible, regardless of their size or business niche. Criminal organizations have changed those tactics to specifically target medium-sized financial firms, who often depend solely on firewalls for network protection and as a result are not sufficiently protected from well-designed attacks tailored for individual business sectors, such as financial services.
"Any lingering thoughts that [medium sized financial firms] had regarding their ability to be under the radar for these criminal hacking groups should be gone," said Chris Smith, vice president of marketing for Alert Logic. "SQL injection attacks are the best way to get to database information and for financial services firms, database information is the most sensitive. Any medium-size financial services company depending on firewall and antivirus protection alone is not sufficiently protected and has probably already been breached."
