The High Cost of Data Breaches: $158 Per Record

We recently posted a blog discussing how web application attacks have become the #1 source of data breaches out of all cyber attack vectors.

Now, new research helps organizations not just to be aware of the threat, but also put a price tag on it: $158 per stolen record. This means that even a small-scale data breach of 10,000 records can cost your company upwards of $1.5M for a single incident.

Moreover, the 2016 Cost of Data Breach Study, conducted by the Ponemon Institute and sponsored by IBM, found that under certain situations costs can be considerably higher. For example, if the breach was a result of malicious activity or a criminal attack, the average cost jumps to $170 per stolen record.

In addition, certain industries such as healthcare, finance and retail also had higher-than-average costs due to the highly sensitive nature of their data. The average data breach cost in healthcare was $355 per record, in financial services $221 per record, and in retail $172 per record. Certain countries are also more expensive than others, with the U.S. topping the list at $221 per record.

The Ponemon Institute offers a number of key recommendations for companies to mitigate the chance of a data breach occurring. Internally, the study recommends having an incident response plan in place, appointing a dedicated chief information security officer (CISO), employing encryption, and putting in place data loss prevention (DLP) mechanisms.

For a customer-facing web environment, these recommendations translate into a number of practical takeaways:

  • Employ a Web Application Firewall (WAF): Since web application attacks are a leading source of online data breaches, securing your web applications is paramount. Using a WAF helps reduce the chance of data leakage by protecting you against common attack methods such as SQL injection (SQLi), cross-site scripting (XSS), remote file inclusion (RFI) and others. Use of a WAF is also required by certain industry regulations, such as PCI DSS requirement 6.6.
  • Encrypt website traffic: Use SSL/TLS to encrypt user traffic to your website to prevent snooping and protect sensitive user data.
  • Use token-based authentication: Token-Based Authentication provides security for digital assets delivered through your website. This feature allows customers to limit access to content by country, URL, IP address, protocol, or referrer link. Additionally, customers can protect their content by only allowing it to be available for a certain amount of time. Using Token-Based Authentication, customers can limit and control access to content only to clients with valid tokens. This will help prevent unauthorized access to data.
  • Protect your DNS records with DNSSEC: Make sure DNSSEC is enabled on your DNS service to protect against cache poisoning attacks that might be used by hackers to redirect your website traffic. Usage of DNSSEC is already required by certain banking and government regulations.
  • Use virtual patching: Unpatched vulnerabilities in common server software are a major weakness for many websites. In fact, a number of recent and well-publicized data breaches are thought to have been the result of hackers gaining access to websites and networks through unpatched software. Using a WAF with virtual patching capabilities helps companies prevent such incidents by automatically applying virtual patches for known vulnerabilities in common content management systems (CMS), such as WordPress, Joomla!, SharePoint, Drupal and others.
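
To make the token-based authentication item above concrete, here is an added example (not Verizon's token format or code) of an HMAC-signed token that binds a URL prefix, a client IP and an expiry time. The names `issue_token` and `verify_token`, the claim layout and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import posixpath
import time
from urllib.parse import parse_qsl, urlencode

SECRET = b"constructed-demo-key"  # placeholder; load from a secret store in practice

def _sign(claims, key):
    return hmac.new(key, claims.encode(), hashlib.sha256).hexdigest()

def issue_token(path_prefix, client_ip, expires_at, key=SECRET):
    """Build a token limiting access to one URL prefix, one IP, until expires_at."""
    claims = urlencode({"exp": int(expires_at), "ip": client_ip, "url": path_prefix})
    return f"{claims}&sig={_sign(claims, key)}"

def verify_token(token, request_path, request_ip, now=None, key=SECRET):
    """Return (allowed, reason); the signature is checked before any claim is read."""
    now = time.time() if now is None else now
    claims, sep, sig = token.rpartition("&sig=")
    if not sep:
        return False, "malformed"
    # Constant-time comparison on bytes avoids leaking how much of the MAC matched.
    if not hmac.compare_digest(_sign(claims, key).encode(), sig.encode()):
        return False, "bad signature"
    fields = dict(parse_qsl(claims))
    try:
        exp, ip, prefix = int(fields["exp"]), fields["ip"], fields["url"]
    except (KeyError, ValueError):
        return False, "malformed"
    if now >= exp:
        return False, "expired"
    if request_ip != ip:
        return False, "ip mismatch"
    # Normalize first so "/videos/../private" cannot pass a "/videos/" prefix check.
    path = posixpath.normpath(request_path)
    base = prefix.rstrip("/")
    if path != base and not path.startswith(base + "/"):
        return False, "url not covered"
    return True, "ok"

if __name__ == "__main__":
    tok = issue_token("/videos/", "203.0.113.7", time.time() + 300)  # constructed values
    print(verify_token(tok, "/videos/intro.mp4", "203.0.113.7"))
    print(verify_token(tok, "/videos/../private/a.mp4", "203.0.113.7"))
```

Country, protocol and referrer restrictions would be further signed claims checked the same way, after the signature and before content is served.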

Verizon Digital Media Services provides a wide array of security solutions that help defend against data breaches. Our products offer a comprehensive suite of tools to protect your website, including an enterprise-grade WAF, anti-DDoS protection, DNS protection, traffic encryption, and dynamic content acceleration over a PCI-certified network dedicated for enterprises.

Contact us to learn more about how Verizon can help you defend your website.

Vikas Phonsa, Sr Product Manager – Security Solutions
Eyal Arazi, Product Marketing Manager – Security
