Stolen identities remain the top threat

ForgeRock has published findings from its 2023 ForgeRock Identity Breach Report, which revealed that stolen identities continue to cause massive breaches, exposing 1.5 billion user records and costing businesses an average of $9.4 million per breach in 2022. 

  • 1 year ago Posted in

As more identities are stolen each year, AI-driven fraud attacks are creating a larger threat landscape for consumers and enterprises alike. Through the use of new technologies like generative AI, tactics such as phishing emails, malicious code and voice or video-based impersonation, otherwise known as “deep fakes,” are becoming more common and difficult to detect. 

 

The ForgeRock 2023 Identity Breach Report underscores that attackers continue to target credentials and use them as a stepping stone to infiltrate an organisation across industries and geographies - and AI is making it more difficult for the average human to identify threats.  

 

The compromise of one single authorised identity of an employee inside an enterprise or of a service provider to the enterprise can cause a serious breach or ransomware attack affecting millions of consumers. Organisations need to adopt holistic digital identity and access management solutions that strengthen security, without jeopardising the user experience, across all functions. 

 

Other key findings from this year’s report include: 

·       Unauthorised access is the leading cause of breaches for the fifth consecutive year. 

·       52% of all reported breaches came through third-party partners and suppliers.  

·       Healthcare remains a top target with attacks increasing by 50% compared to 2021. 

·       Social Security Number and date of birth information were exposed in 72% of breaches. 

·       Attacks within the financial services sector decreased by 29%, but nearly half of those attacks affected the insurance industry. 

 

To combat the common types of breaches noted in the 2023 ForgeRock Identity Breach Report, organisations should instil best practices like adopting a Zero Trust framework to verify access requests, implementing passwordless authentication to stop password-based attacks, and leveraging AI-driven IAM tools to manage the volume and velocity of cyberattacks. 

 

"The most secure organisations will be those that combine the use of technologies like AI with a well designed approach to security operations and usability,” said Eve Maler, CTO at ForgeRock.  

 

In addition to U.S. data breaches, the ForgeRock Identity Breach Report also highlights attacks in other regions, including the United Kingdom, Germany, Australia, and Singapore. 

 

Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform...
NTT DATA’s new Managed Detection & Response service powered by Palo Alto Networks Cortex XSIAM...
SPG is enhancing its cybersecurity capabilities in a new partnership with Saviynt, a leading...
Graylog has unveiled significant security advancements to drive smarter, faster, and more...
Datadog has published its new report, the State of Cloud Security 2024. The report found that...
ISACA research shows automating threat detection/response and endpoint security are the most...
Strategic partnership unifies AI-native endpoint security and next-generation firewall protection...
Advanced forms of social engineering are on the rise, though obvious gaps like weak passwords are...