We get so deluged with news stories about data breaches that it’s easy to lose sight of the forest for the trees. Consider, according to a newly released report from ForgeRock, the ForgeRock Consumer Identity Breach Report, which found that more than 5 billion records were exposed last year. That’s a lot of information on a lot of information pertaining to a lot of people.
The report had a handful of interesting highlights:
- Breaches have increased dramatically, both in actual numbers and costs
- No industry is safe: Healthcare was the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45 billion. Technology firms had the highest number of records compromised from breaches with over 1.37 billion exposed
- Unauthorized access was the most common attack vector used in 2019, responsible for 40% of breaches, followed by ransomware and malware at 15% and phishing at 14%
- Identity and Access Management technologies hold the key for protecting businesses and consumers
The report also found that personally identifiable information remained the top sought type of data by attackers and comprised the exposure in 98% of 2019 breaches. That figure was essentially flat, year over year. Of course, it makes sense that the data on publicly disclosed breaches would comprise mostly personally identifiable information as the most vigorously enforced data breach disclosure laws and regulatory mandates involve personally identifiable information.
Unsurprisingly, unauthorized access was the most common attack vector in 2019, responsible for 40% of breaches. Unauthorized access was followed by ransomware, malware, and phishing all essentially flat around 15%. Social Security numbers were the most targeted type of data compromised as they were exposed in 384 breaches in 2019.The report found that by targeted personally identifiable information criminals have highlighted weaknesses in enterprises’ identity and access management practices and how these weaknesses enable more data to be disclosed.
“When it comes to data breaches, we’re seeing the biggest cybersecurity problem continues to be an identity problem,” said Eve Maler, CTO at ForgeRock.
The report also found that banking/insurance/financial fared better than healthcare, accounting for 12 percent of breaches, with education (7 percent), government (5 percent) and retail (5 percent), following up the rears.
What does 2020 hold? Not much better if the first quarter is any indication. When looking at records breached, Q1 2020 outpaced the same year ago period, despite the overall number of breaches declining. According to the ForgeRock report, there have been 92 data breaches affecting 1.6 billion records in Q1 2020, which is nearly 9 percent more records than Q1 2019. “Healthcare is still the most breached industry in Q1 2020, accounting for 51 percent of the incidents, which may be due to attackers targeting strained healthcare organizations amid the COVID-19 pandemic. However, the most records exposed throughout Q1 2020 have been from social media firms,” the company said.
The 2020 ForgeRock Consumer Identity Breach Report is available here.
To conduct the report, ForgeRock looked at data breaches, reported between January 1, 2019 and March 31, 2020. The company says only those breaches with a known number of consumers or records were incorporated, and that the breaches were categorized by industry, type of data breached and type of attack.