What Are Data Breach Consequential Damages?

Posted Date: December 24, 2015
Read Time: 4 min

How many data breaches happened this year? Take a guess.

According to the Identity Theft Resource Center (ITRC) report, there were 750 data breaches that collectively exposed 177,837,053 records. Imagine that around 180 million records were stolen this year alone.

There were, in fact, some other interesting statistics too. Take a look:

  1. Business, healthcare and government entities lost the maximum number of records.
  2. Data breaches increased by 27.5% compared to last year.
  3. The previous highest number of data breaches was 662 in 2010.

These numbers clearly show that we have taken more hits than ever this year. Earlier, we told you how hackers make $193 per credential through database breaches. What’s more tragic is that these are only the verified figures. What about the ones that we have no idea about? Leaving data breaches aside, how much have we lost in fraudulent transactions and application distributed denial-of-service attacks that crashed business services?

Biggest Data Breaches of the Year

Fact 1: The Anthem breach affected 80 million customers.

While there were many small and big incidents right from the start of the year, the biggest blow came in February. Health insurer Anthem Inc. was hacked by an unknown group, which took personal information of their employees and customers. The company did not provide any information on the incident beyond making a statement that records were compromised.

Fact 2: Ashley Madison parent CEO resigned after the hack.

The infamous Ashley Madison case made it bigger in the news than anything else on the list. Allegedly, a group of attackers threatened Ashley Madison, demanding that it stop its infidelity services, which it, of course, did not. Credit card and personal information for 36 million users was compromised in the attack. However, it was a different kind of hack, as the victims had personal stakes involved. Months on, users are still receiving blackmail threats to pay thousands of dollars or attackers will publicize their records.

Fact 3: TalkTalk stock tanked 10% after the hacking news broke.

TalkTalk, the UK-based telecommunications company, was hit by a cyberattack recently in which the personal data of about 4 million customers was potentially exposed. It is said that hackers got their hands on names, addresses, email addresses, telephone numbers, account information, credit card, and bank details, even when it was all encrypted. Notably, the last official statement on the incident came from their Chief Executive of Business, Dido Harding. Harding said that the incident response would cost TalkTalk between £30m and £35m.

Data Breach Consequential Damages

Do we still have to establish that data breaches are not good for sales or business reputation? After all, who wants to do business with companies that cannot protect bank or personal data? In fact, Gemalto recently conducted a global survey that highlighted the obvious effects.

They collected data from 5,750 consumers spread across 7 countries and found out that 64% of the people are unlikely to shop or do business with a company hit by a data breach.

That is the gravity of the situation. When we consider cybersecurity, we think of the added layer of protection and not the necessity of it. Think about it. Is it worth the risk? Last year, after the Target data breach, traffic to their stores declined by 30-40%. And it was reported that the earnings dropped by 16%. They collectively lost $148 million from a data breach.

What will be the average cost if you are hit by a data breach? First Data has estimated around $36,000 spent on the mandatory forensic examination, notification to customers, credit monitoring, PCI compliance fines, the liability of fraud charges, card replacement costs, and reassessment of PCI compliance. However, this figure is only for small businesses. Increase it multiple times depending on the size of the business.

Cybersecurity: Not Just a Buzzword

It seems like the season when everyone wants to talk about cybersecurity. Dozens of products are being made and promoted across the world. However, not everyone understands where the problem lies and how to deal with it. Let’s break it down into three points:

1) Most cyber-attacks happen at the web application layer.

World-renowned research company Gartner has previously reported that 70% of the hacking attempts happen at the application layer, which is altogether a different zone than the network layer. It has its own vulnerabilities and they need to be addressed proactively.

2) Web applications change frequently.

Web applications are the core of new-age businesses. They enable online shopping, payments, and pretty much everything else. Quite obviously, companies have to play around with them a lot. Frequent code changes lead to new known and unknown vulnerabilities that cannot be addressed by one-time scans.

3) Human intelligence is essential.

Until we reach adaptive artificial intelligence, machines alone will never be enough. What happens when a zero-day vulnerability is discovered? How will you deal with business logic flaws that are present just in your applications and nowhere else?

Indusface proposes a ‘detect, protect, and monitor’ approach to keep your business away from data breaches. Under Total Application Security, we continuously look for weaknesses in your applications, whether or not changes have been made. Our Web Application Firewall blocks attack attempts from hackers who want to reach your database. Monitoring is an integral part of the process, where security experts not only study your traffic and attack attempts but also test applications manually. This provides you with an unmatched security perspective backed with solid data and recommendations.

See how ‘detect, protect, and monitor’ works.

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.
