New research from bug bounty and pen testing platform HackerOne has revealed that four major data breaches – British Airways (2018), Carphone Warehouse (2018), Ticketmaster (2018) and TalkTalk (2015) – which cumulatively cost over £265m in damages, could have been prevented for as little as £9600 (collectively) with the use of bug bounty programs.
That estimate is based on typical bug bounty rewards paid to researchers who have discovered the same vulnerabilities that led to the above breaches. According to HackerOne, the research studied the costs, lawsuits and fines associated with the data breaches.
“Attack surfaces are growing all the time, and it’s a significant challenge just trying to stay ahead of cyber-criminals. The most secure organizations realize there are many ways to identify where they are most vulnerable,” said Prash Somaiya, security engineer at HackerOne.
“By running bug bounty programs and asking hackers to find their weak spots, our customers have safely resolved over 120,000 vulnerabilities before a breach could occur. This research is a rough estimate on bounty prices, based on our existing programs across the same industries, but it does highlight that companies can save millions and reduce risk by being proactive when it comes to identifying and patching their vulnerabilities.”
Source: Infosecurity Magazine