Data breaches cost $1.2 trillion in U.S. alone in 2019 as cybercriminals target PII: ForgeRock report
More than 5 billion records were exposed by cybercriminals in 2019, with a cost to U.S. organizations of more than $1.2 trillion, a steep rise from $654 million in 2018, according to new research from ForgeRock.
The nine-page ForgeRock Consumer Identity Breach Report shows healthcare was the industry most frequently targeted last year, with 382 breaches costing $2.45 billion, likewise a stark increase from 164 incidents costing $633 million in 2018. Technology companies lost more personal data, however, with breaches exposing 1.37 billion records and costing more than $250 billion.
Unauthorized access was the most common attack vector (40 percent), followed by ransomware and malware (15 percent) and phishing (14 percent). ForgeRock says that by targeting personally identifiable information (PII) with 98 percent of attacks, and leveraging unauthorized access, cybercriminals demonstrate how higher volumes and higher value data can be stolen due to weaknesses in enterprise identity and access management (IAM) practices.
Social security numbers were the most frequently targeted type of data, according to the report.
“Given that there are new pressures to tear down the corporate castle walls for access by bring-your-own devices, temporary workers and outside applications, organizations must deploy a modern platform that provides intelligent, contextual and continuous security that can prompt for identity validation after detecting anomalous behavior,” ForgeRock CTO Eve Maler. “They can then ensure more layers of security between threat actors and consumer data while delivering superior experiences to their legitimate users.”
So far in 2020, the number of breaches has fallen drastically, but the number of records breached has actually increased.
Last year, the BFSI vertical was the second most-targeted, and accounted for 12 percent of breaches. Social security numbers and date of birth details were the most targeted data, followed by names and addresses and personal health information. In the first quarter of 2020, medical records were the top focus for cybercriminals.
ForgeRock concludes that the best digital identity solution is one that enables user identity journeys like registration and authentication to be orchestrated in a convenient and unified way, with access controlled close to each application to support a Zero Trust approach.