A data breach can inflict pain on an organization by stealing and leaking sensitive information. With user or customer accounts compromised, a company can suffer financial and business consequences and see its reputation damaged, sometimes beyond repair. A new report from the digital identity platform ForgeRock shows how and where data breaches are affecting US businesses and their customers.
Released on Wednesday, the ForgeRock Consumer Identity Breach Report for 2020 describes the financial pain data breaches have inflicted. With more than 5 billion records compromised in 2019, breaches cost US organizations more than $1.2 trillion. Combined with the $654 billion in costs in 2018, data breaches have hit organizations to the tune of $1.8 trillion over the past two years.
Even prior to the coronavirus pandemic, healthcare was the most targeted sector last year with 382 data breaches leading to costs of more than $2.5 billion–that was a huge jump over the 164 incidents and $633 million in costs seen in 2018. Following healthcare, the banking/insurance/financial industry was the most targeted sector in 2019, accounting for 12% of all breaches. Next were education, government, and retail.
Technology firms saw the largest number of records compromised due to data breaches in 2019. Breaches cost the tech industry more than $250 billion, as more than 1.37 billion records were exposed during the year.
Personally identifiable information (PII) remained the most targeted type of data sought by attackers and was compromised in 98% of the breaches recorded last year. More specifically, social security numbers were the most popular type of breached information, exposed in 384 breaches in 2019. Unauthorized access was the most common type of attack used, playing a role in 40% of last year’s breaches. Other popular forms of attack included ransomware, malware, and phishing campaigns.
“Cybercriminals continue to refine their attack vectors and can execute a greater volume of attacks than ever before to pilfer consumer data,” ForgeRock CTO Eve Maler said in a press release. “Enterprises need to critically evaluate their digital identity management strategies for weaknesses. Given that there are new pressures to tear down the corporate castle walls for access by bring-your-own devices, temporary workers, and outside applications, organizations must deploy a modern platform that provides intelligent, contextual, and continuous security that can prompt for identity validation after detecting anomalous behavior.”
What advice does ForgeRock have for organizations to better prevent data breaches?
- Digital identity solutions. The right digital identity solution should enable the orchestration of user identity journeys, like registration and authentication, in a convenient way that unifies the controls for security and user experience. It should enable access to be controlled close to each application, as befits zero trust, with context from authentication feeding into authorization. And it should enable the enterprise to protect personal data in a transparent fashion and extend control of data consent and permissions in a way that is unified for each user, increasing their confidence in the service provider.
- Identity governance. Identity governance is a key part of preventing unauthorized access. The right approach leverages cloud and AI/ML (artificial intelligence/machine learning) to create intelligent governance solutions. It utilizes the vast amounts of data that a company already possesses as an input to learning and predicting good access. It allows organizations to employ a portfolio of machine learning models. It also allows the flexibility to ingest large amounts of data from the various data sources that are available. Most of all, the right solution actually reduces effort and unlocks value from current IAM (Identity and Access Management) investments.