San Francisco-based digital identity expert ForgeRock has announced the findings of its 2021 Consumer Identity Breach Report, showing a massive 450 percent global rise in breaches involving usernames and passwords.
The COVID-19 pandemic led to a dramatic rise in the number of people online as social and physical distancing measures put into place throughout the world meant to mitigate the spread of the virus have forced people online for not only work but also schooling, banking, and shopping in record numbers. This increase in online traffic led to a proportionate rise in cybercrime, with hackers targeting individuals as well as organizations of all sizes and across a number of industries.
According to ForgeRock’s report, breaches involving smaller-sized enterprises were up 50 percent over last year, outpacing any other targeted group.
The report also reveals that unauthorized access is the leading cause of these breaches — accounting for 43 percent of all breaches in 2020 — and points to poor security practices such as password sharing or reusing as a key reason for this issue.
“For too long, usernames and passwords have been the backbone of providing people secure access to their digital lives,” said Fran Rosch, CEO, ForgeRock. “The findings in our identity breach report reveal that it’s time for change. The surge in breaches involving usernames and passwords at an astounding 450 percent clearly emphasizes the need to adopt a strong digital identity and access management solution that offers the ability to go passwordless. It also gives companies a much better chance at reducing data exposure, as well as lowering their reputational and financial risk.”
Over the past year, several security experts have sounded the alarm for better password hygiene, pointing to various bad practices as major weak points that bad actors are targeting.
Other attack types that the report found to be common causes of breaches were phishing (25 percent), and ransomware (17 percent), with healthcare being the most targeted industry for the second consecutive year, while the tech sector came in first as the industry that paid the highest aggregate cost ($288 billion) to recover from breaches.
June 14, 2021 – by Tony Bitzionis