By Robert Vamosi, CISSP and senior product marketing manager, ForgeRock
Cybercriminals exposed 2.8 billion consumer data records in 2018, costing U.S. organizations over $654 billion, according to a new report from ForgeRock.
The report covers only breaches affecting customer data, from January 1, 2018 through March 31, 2019. While these are a mix of sensitive and non-sensitive sets of data, both are valuable to a criminal who can use a name, birth date, and social security number, along with someone’s email, to build a synthetic identity used to impersonate someone online. Given this, personally identifiable information (PII) was the leading type of data breached in 2018, at 97 percent.
Among cybercriminals, the most frequent attack method used in 2018 was unauthorized access, comprising 34 percent of all data breaches. The Identity Theft Resource Center (ITRC), whose research the report draws on, defines “unauthorized access” as “a catch-all identifier and not an accurate reflection of the true method of intrusion.” As used here, one can infer from the study’s context that the attacks involved using stolen credentials, namely weak usernames and passwords. A criminal could take a username or email and then use guesswork or an automated tool such as John the Ripper or Hashcat to find the associated password. Once credentialed, a criminal would then seek access to customer or employee databases.
In terms of industry, healthcare remains the most attacked, suffering in 2018 more than four times as many breaches as any other industry. Given its strict regulatory environment, the healthcare industry has been reluctant to modernize its technologies. This, coupled with a mad dash to enable electronic health records (EHRs) within a given amount of time, has created lucrative opportunities for criminals in recent years.
In the ForgeRock study, financial services and government are close behind among industries under attack. The focus on financial services is in line with the 2019 Verizon Data Breach Investigations Report, which found that attacks for financial gain remain in the top position. In Q1 2019, breaches in financial services cost the industry $6.2 billion, up from just $8 million in Q1 2018.
One way to protect customer data from breaches is to implement a strong identity management solution that secures everything from the enterprise infrastructure all the way to the client-facing apps at the edge. Enterprises should also critically evaluate their IAM strategies, practices, and solutions to ensure they are adequately protecting their massive volumes of consumer data.
At a minimum, enterprises need to consider modern, intelligent authentication methods that move beyond a simple username and password and provide fine-grained authorization to protect and secure resources.
About the Author
Robert is a CISSP and senior product marketing manager at ForgeRock. He is the author of When Gadgets Betray Us: The Dark Side of our Infatuation with New Technologies and he has been featured in the history-of-hacking documentary, Code 2600. As an award-winning journalist, Robert has been writing about information security for more than 15 years for sites including Forbes, ZDNet, CNET, CBS News, PC World, and Security Ledger.