The ways that cyber criminals and hackers use to get to private information are constantly evolving to keep up with changing security measures. As companies hire third party network security services companies to find holes and fix them, hackers are working hard to find ways around the newest protection available. Although the newest types of attacks are generally the hardest to fight, there are security attacks that have stood the test of time, even though they are more than a decade old. One such example is the SQL injection attack.

SQL attacks inject code into websites that have a security vulnerability. By hiding a malicious bit of code into existing code, the hacker can remotely control information being given to the normally secure website. PCWorld explains a recent example of the damage a SQL injection can do:

“In October 2011, for example, attackers planted malicious JavaScript on Microsoft’s ASP.Net platform. This caused the visitor’s browser to load an iframe with one of two remote sites. From there, the iframe attempted to plant malware on the visitor’s PC via a number of browser drive-by exploits.”

The same article discusses how SQL injection attacks are still the most common form of data breaches in the world, even though IT professionals are well-versed in stopping such attacks. Usually these attacks aim at stealing identity information from company servers, exploiting the data entrusted to businesses by customers:

“…hackers are taking advantage of businesses with inadequate and often outdated information security practices. Citing the most recent figures from the National Fraud Authority, she said that identity fraud costs the UK more than £2.7 billion (US$4.7 billion) every year, and affects more than 1.8 million people.”

These types of attacks account for more than 95% of the world’s data breaches and they are totally preventable. Don’t let your business be a target for hackers in the upcoming year. Make sure you get a security audit to find out what is needed to secure your network.