When I think about security, my conclusion is always that it is easy to hack an organization.
Attack the well-known SQL Server port 1433
I read this: https://www.hackingarticles.in/mssql-peneration-testing-using-nmap/
Common Port
About SQL injection syntax
Solutions
Use this configuration on a firewall
d.oracle.com/oll/tutorials/SQLInjection/index.htm
Change the default port: https://www.ryadel.com/en/sql-server-change-default-tcp-1433-port-mssql/