A large percentage of all data breaches start internally (figures vary from ~60% to over 75% depending on the source). In 2020, 61% of companies had an insider attack in the past year (1) (Bitglass, 2020).
A large number of data breaches are accidental (human error) rather than malicious. In 2020, 62% of insider incidents were caused by negligent employees or contractors; malicious insiders accounted for only 14% (1) (Panda Security, 2020).
Poorly written queries impacting overall database performance.
No shared accounts
Auditing
Least Privilege
Ensure your database configuration follows policy.
Patch for known vulnerabilities
Monitor for configuration drift
Enforce least privilege
Control privileged user access to data
Enforce separation of duties
Establish and enforce a trusted path to data
Encrypt data in motion and at rest
Protect against network sniffing attacks
Protect against data scraping attacks (e.g. ransomware)
Use native auditing capabilities to capture high-value activity
Use network-based monitoring to examine ALL activity