Vulnerabilities of Data at Rest
While sniffing data on the wire may yield a big reward, data at rest is the proverbial pot of gold. Most organizations maintain detailed databases of their personnel information, for example, making the large corporation a very tempting target. These databases regularly contain quantities of names, addresses, and even social security numbers for tax purposes. This is all the information that someone needs to steal your identity. Statistics show that identity theft attacks are increasing. More than thirty thousand victims reported ID theft in 2000; in 2003, the Federal Trade Commission received more than half a million complaints.
A major issue in protecting your data repository is the fact that there are so many avenues of attack. Attacks can be launched against the operating system, the database server application, the custom application interface, the client interface, and so on. Application attacks don't have to be directed against the target application, either. Any attack providing system-level access to an attacker is a risk to your data.
Your system is also a potential target for a multitude of computer viruses, worms, and Trojans. Current reports put the number of these types of applications at more than 100,000. Many recent computer worms leave systems vulnerable by covertly installing a backdoor that enables the attacker to enter the system at will.