Date: 2019-10-24

News

£265m Data Breach Costs Could Have Been Avoided with £9600 Worth of Bug Bounties

New research from bug bounty and pen testing platform HackerOne has revealed that four major data breaches – British Airways (2018), Carphone Warehouse (2018), TicketMaster (2018) and TalkTalk (2015) – which cost over £265m in damages cumulatively, could have been prevented for as little as £9600 (collectively) with the use of bug bounty programs.

That estimate is based on typical bug bounty rewards paid to researchers that have discovered the same vulnerabilities that led to the above breaches. According to HackerOne, the research studied the costs, lawsuits and fines associated with the data breaches.

The firm claimed that the mammoth combined costs of the breaches could have been avoided had the vulnerabilities – which included third-party JavaScript exploits, an out-of-date WordPress interface and SQL injection – been identified and responsibly disclosed by researchers as part of a bug bounty program. HackerOne stated the victim organizations would have collectively only had to pay out between £9600 and £32,000, based on average bug bounty prices.

“Attack surfaces are growing all the time, and it’s a significant challenge just trying to stay ahead of cyber-criminals. The most secure organizations realize there are many ways to identify where they are most vulnerable,” said Prash Somaiya, security engineer at HackerOne.

“By running bug bounty programs and asking hackers to find their weak spots, our customers have safely resolved over 120,000 vulnerabilities before a breach could occur. This research is a rough estimate on bounty prices, based on our existing programs across the same industries, but it does highlight that companies can save millions and reduce risk by being proactive when it comes to identifying and patching their vulnerabilities.”
