Reply to post:

Forget data thieves, data sabotage will be your next IT nightmare

Nick Ryan Silver badge

It's far from a new problem and just daft that it's being touted as something new. Data has always been subject to accidental or malicious changes.

Encrypting the data itself doesn't make a lot of difference really (except for passwords), it's another fad that while it does have practical benefit for security, the reality is that this is very limited. It's much more likely that user credentials are leaked and through those, and possibly programming and security faults, that data is changed.

For example, I gave myself access to an MS-SQL database because an IIS .net application's web.config file had the credentials stored in plain text and this user was configured on the database server with the System Administrator role. Encrypting the database wouldn't have made a tiny bit of difference to this but it's an example of how easy it is go elevate access with relatively trivial initial access.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022