According to research made by Statista, the average price of a data breach in 2022 was 4,350,000 USD. The average price of a data breach heavily depends on a couple of factors, the key ones being:
- What infrastructure was breached?
- How did we become aware of the data breach?
- Is the data in the database at risk? If yes, what data was stolen? How many records did the database contain?
- Did the user records get leaked? Is the database of the application being sold for a specific price? If yes, what's the price?
Here's why the answers to these questions are so vital for us:
- Infrastructure – the price of the data breach depends on whether the application that has been breached has been fortified or not. Read further to understand why.
- The way we have been made aware of the data breach also counts – if the only thing that alerted us was the data breach hitting the media, the consequences are likely to be more severe. However, if we became aware of the data breach through our internal security team and the information didn't spread any further, the consequences to the company will be less painful.
- If we have a reason to believe the data in the database behind the application was compromised, we have an answer to one of the most vital questions – we now know exactly how many records were compromised (it's safe to assume that the attacker stole either the user table within the database or the entire database itself), and we now know what actions to take going further.
- Furthermore, if we do know that the user database got leaked, we can start rounding up the names of hacker forums where the database could've appeared. By rounding up their names we will be probably able to determine a specific thread that was created to sell the database in question, and thus, identify the people (by an alias, of course) that were interested to buy the database.
After we have the answers to the most pressing questions specified above, we can dive further into them. Starting from the infrastructure, the heavier it was fortified, the harder it was for the attacker to breach it – and the harder it was for the attacker to gain access to our most vital data, the bigger the price of the data breach. In this case, the price of the data in question can even double or triple – it all depends on the effort that was put into making the data breach possible.
If the media was what alerted the company of the data breach, the monetary price of the data will be, contrary to a popular belief, significantly smaller because from the perspective of an attacker, the more people know about the data breach, the riskier it is to access a specific account by using a password that was being used due to the fear of being "exposed." Furthermore, if the media knows about the data breach, the price of the data breach is likely to plummet to zero – it's of no use to any nefarious party. Not long after the price drops, the data gets leaked and from the perspective of an attacker that means it's worthless.
If we know that the database was compromised, it's safe to assume that the entire database is in danger – that's what determines the price. Attackers are mostly interested in the user table; they're most likely betting that the passwords that were used within the application didn't get reset and we didn't have the time to figure out that a data breach has happened. That's why it's so vital to have proper monitoring systems in place – a data breach monitoring infrastructure will be able to alert us when the files within the server get changed, once someone logs in to an administrative account with a different IP address than usual, etc. Once again, contrary to a popular belief, installing data breach monitoring infrastructure is easier than usual – if you find yourself using WordPress, it can be as simple as installing a plugin that detects unusual logins and password changes. Putting automated backup software in place will also help – if you're not using WordPress, worry not though: other content management systems have similar approaches to security too.
After the incident, though, there's nothing much you can do apart from issuing a global password reset and alerting all of your users of the data breach that just happened. That and revising your security policy (automating backups, detecting usual logins, etc.) will take your application further than you could ever imagine!
After that's done and we have the technical capabilities to do so, we can start visiting popular hacker forums. Such an approach would only be useful if our service is relatively popular, but by using those forums, we can usually find information that wouldn't be available to the general public including the aliases of hackers that are interested in our database, what do hackers think the database is valued, etc.: some of the hackers might even share information about the data breach itself letting us know how the data breach was accomplished – we can then take that information and use it to improve the security of our product.
Data Breach Search Engines
After we're confident that our application is more secure than before (remember – there's no such thing as 100% security – security can only be improved instead), we should also make use of data breach search engines. Not all data breach search engines are the same, but the ones that are based on quality will let us search for multiple data types (think email addresses, usernames, IP addresses, or even domains belonging to a website) and quickly provide a response to let us protect ourselves and those close to us.
Companies, individuals, and educational institutions that are using BreachDirectory also elect to use the BreachDirectory API – they provide it with various data classes when protecting their clients or personnel and get a JSON response in return. The JSON response derived from BreachDirectory helps them improve the security of their customers because then they use the response and act on it – change passwords, inform users about their stance in the cyber security space, and do other things that help them improve their stance in the cyber security space in other ways. Make sure to give it a shot today!
Summary
The average price of a data breach depends on a multitude of factors – this blog has walked you through those. We have also provided you with advice that will help you not become a victim of data breach or identity theft in the future – aside from that, it is very useful to keep in mind that data breaches are not incidents that can be stopped completely. They do happen and will continue happening, but we hope that their average price – and the usefulness they pose to nefarious parties – will go down over time.
To help their price go down, run a search through BreachDirectory to protect both yourself and the ones closest to you, and until next time!
Top comments (0)