ForgeRock’s 2021 Identity Breach Report revealed a 450% surged in breaches containing usernames and passwords globally. Unauthorised access is the leading cause of breaches for the third consecutive year, increasing year-over-year for the past two years, accounting for 43% of all breaches in 2020.
The massive shift to remote work resulted in a corresponding rise in the number of breaches. Despite the drop in the number of 100-million plus record “mega-breaches”, cybercriminals broadened their attack surfaces to include organisations of all sizes and across industries to seize valuable assets.
Breaches affecting smaller enterprises – with many still involving tens of millions of records – saw the biggest surge with a 50% increase. This reveals that smaller enterprises are also prime targets and can’t afford to put off adopting a Zero Trust posture.
Jump in unauthorized access
Questionable yet common security practices, like sharing or reusing passwords, gave bad actors an easy path to gaining access to personally identifiable information (PII), such as date of birth and Social Security Number information, which is found in one-third of all breaches.
The massive migration of Singaporeans to digital services over the past 12 months - due to the pandemic - has left both consumers and businesses more exposed than ever before, according to ForgeRock’s 2021 Consumer Identity Breach Report.
Observations from report
- The most heavily impacted industries throughout 2020 were banking, healthcare, retail and manufacturing
- In the banking world alone, phishing scams saw a 20-fold increase in the first half of 2020
- Ransomware rose, with a reported 75% increase in the number of incidents in the first 10 months of 2020 compared to all of 2019
- The majority of organisations targeted were small and medium enterprises
- On average during 2020, 28% of Singapore residents reported they had suffered at least one cybersecurity lapse
Reflecting on the consumer behaviour in Singapore, Ajay Biyani, ForgeRock, regional vice president, ForgeRock for ASEAN, expects attacks to only increase.
He added that the Singapore government’s move to make data breach reporting mandatory in 2021 comes at a crucial time and will be pivotal to ensuring businesses can identify weak points in their online experiences that may otherwise lead to cyberattacks for both employees and customers.
“To address these increased risks, organizations need to make use of AI and machine learning (ML) technologies to spot abnormal behaviour and institute policies that ensure accurate identity access. A modern hybrid IAM system should be implemented to ensure that adequate protections exist both in on-premises environments and in the cloud,” he concluded.