Personally identifiable data (PII) is the primary focus of malicious attacks and data breaches, according to a new report from ForgeRock. Healthcare providers are an especially popular target, but while Australian healthcare businesses report fewer problems, that might not be good news, according to the local ForgeRock chief.
The cost to business from such breaches is rising, according to the report's authors, who say that over the last year the average cost of a breach in the U.S. increased 112 per cent to $8.19 million in 2019, up from $3.86 million. The number of consumer records affected also grew in 2019 to over five billion, up 78.57 per cent from the 2.8 billion impacted in 2018.
The ForgeRock 2020 Consumer Identity Breach Report also benchmarks Australian cyber incidents against the US, UK, and Australia. The company says OAIC statistics showed that between July and December 2019, 74 per cent of breaches targeted identity credentials, including phishing, stolen or compromised credentials, and brute force attacks.
This puts Australia on par with other markets, where phishing, malware, unauthorized access and ransomware dominated, according to ForgeRock.
Among the key findings:
- PII continues to be the number one data target for malicious actors, 98 per cent.
- For the second year in a row, unauthorized access is the number one attack method by cybercriminals, 40 per cent.
- Social Security numbers and date of birth records were the most targeted data, 37 per cent.
Unauthorised access attacks represent the most common form of breach, followed by ransomware and malware (which actually declined slightly), while phishing overtook misconfigurations as the third most common attack.
In the US at least, the healthcare sector is the bullseye, with 43 per cent of records breached coming from this sector, with financial services, education, government, and retail making up the top five.
The report notes, “Healthcare was again the biggest target in 2019, comprising 45 per cent of all breaches, followed by banking/insurance/financial at 12 per cent. In 2019, while the healthcare industry had the highest number of breaches, the technology sector had the highest number of consumer records impacted at 1.37B. This goes to show that hackers are targeting fewer organizations in the technology sector but focusing on accessing more records with a single breach.”
The Australian healthcare sector did not fare as badly as in other countries, according to James Ross, RVP & Managing Director, ANZ, ForgeRock. However, he warns that this gap between the US and Australian experience is likely due to Australian healthcare providers remaining unaware that they have been attacked.
Ross said, “A comparison of Australian data breaches against other markets indicates that Australia’s healthcare sector may not be aware of the full number of data breaches it is incurring. OAIC figures show that the health sector attracted 22 percent of self-reported data breaches in 2019, far less than 51 and 45 percent in the UK and US respectively.”
Part of the problem is that organisations from all sectors often only discover they have suffered a breach when their data appears on the dark web, he suggested. “Australia’s healthcare sector may be suffering a higher number of breaches than reported.”
“It’s also important to highlight the role of identity in cyber breaches. Between July and December, 74 percent of malicious or criminal data breaches reported were as a result of compromised identity. This means that whether through phishing, stolen or compromised credentials or brute force attacks, malicious actors are elevating attacks through identity access to find personal and sensitive data.”
Ross also highlights that Australian healthcare providers, financial services institutes, and other sectors have moved toward API-powered models, allowing multiple organisations to access and leverage data.
As a result, he said, “Identity management is only going to become more critical to the security of valuable private information. CIOs and CSOs must prioritise identity management alongside threat intelligence and end-point security in taking an identity-first approach that will enable firms to significantly reduce risks whilst enabling innovation through more efficient and secure data access.”