Home GDPR #Privacy: Data breaches costing £265m could have been prevented for as little as £9,600
GDPR - October 24, 2019

#Privacy: Data breaches costing £265m could have been prevented for as little as £9,600

New research has revealed that the combined costs of breaches could have been easily avoided with the use of bug bounty programs.

HackerOne, the bug bounty and pen testing platform has found that four major data breaches – British Airways (2018), Carphone Warehouse (2018), TalkTalk (2015) and TicketMaster (2018) – could have been avoided for as little as £9,600 collectively.

The figure is based on bug bounty rewards paid to researchers that have discovered vulnerabilities similar to those found in the breaches. The research also investigated the costs, fines, and lawsuits associated with the said breaches.

The vulnerabilities that were identified within the four breaches, included third-party JavaScript exploits, an out-of-date WordPress interface and SQL injection – all of which could have been prevented if it was identified and disclosed as part of the bug bounty program.

Based on the average bug bounty prices, HackOne stated that collectively, the victim organisations would have had to pay between £9,600 to £32,000.

Prash Somaiya, security engineer, HackerOne commented:

“Attack surfaces are growing all the time, and it’s a significant challenge just trying to stay ahead of cyber-criminals. The most secure organizations realize there are many ways to identify where they are most vulnerable.

“By running bug bounty programs and asking hackers to find their weak spots, our customers have safely resolved over 120,000 vulnerabilities before a breach could occur. This research is a rough estimate on bounty prices, based on our existing programs across the same industries, but it does highlight that companies can save millions and reduce risk by being proactive when it comes to identifying and patching their vulnerabilities.”

The post #Privacy: Data breaches costing £265m could have been prevented for as little as £9,600 appeared first on PrivSec Report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Getting employees invested: Overcoming complacency to emphasize security

Your employees are the key to smarter security. Learn how you can re-establish company sec…