“Securing databases and other sensitive assets from inadvertent exposure requires understanding your asset inventory, having enforceable security controls in place, and [employing] continuous monitoring to detect configuration drift and insecurities,” said Jack Mannino, CEO at nVisium. “Some databases ship with insecure default configurations, while many organizations also fail to implement basic security controls such as strong authentication and encryption of data at rest and in transit, either because of lack of specialist resources who understand the security features available in such databases or [because] business needs outpacing security. The absence of those controls makes mass exploitation attempts easier.”

Read the article here: https://www.scmagazine.com/home/security-news/data-breach/malicious-actor-holds-at-least-31-stolen-sql-databases-for-ransom/