Unauthorised access still biggest cause of data breaches

In the UK there was a 2.5X increase in breaches due to unauthorised access; healthcare remains the biggest target – but attacks on financial services increasing, says ForgeRock report

Posted 9 June 2021 by Christine Horton

There has been an unprecedented 450 percent surge in breaches containing usernames and passwords globally.

The figures come from the 2021 Identity Breach Report from digital identity vendor ForgeRock.

The report also found unauthorised access was the leading cause of breaches for the third consecutive year, increasing year-over-year for the past two years. It now accounts for 43 percent of all breaches in 2020.

Breaches affecting smaller enterprises – with many still involving tens of millions of records – saw the biggest surge with a 50 percent increase.

UK cyberattacks

In the UK there was a 2.5X increase in breaches due to unauthorised access.

In last year’s report, the UK healthcare sector data breaches accounted for 51.5 percent of total breaches in 2019. This year, education, financial services, and retail have fallen prey to many more incidents, comprising 13.5, 11.7 and 11.5 percent respectively of total data breaches in the first six months of 2020.

There was a huge 471 percent increase in ransomware attacks on financial services organisations.

Also in 2020, phishing continued to be the most common form of data breach reported in the UK – even though phishing incidents declined from the previous year and other types of attacks increased.

Unauthorised access causing breaches

Unauthorised access continues to be the leading cause of breaches. “Questionable yet common security practices, like sharing or reusing passwords, gave bad actors an easy path to gaining access to personally identifiable information (PII), such as date of birth and Social Security Number information, which is found in one-third of all breaches,” notes ForgeRock.

“For too long, usernames and passwords have been the backbone of providing people secure access to their digital lives. The findings in our identity breach report reveal that it’s time for change,” said Fran Rosch, CEO, ForgeRock.

“The surge in breaches involving usernames and passwords at an astounding 450 percent clearly emphasises the need to adopt a strong digital identity and access management solution that offers the ability to go passwordless. It also gives companies a much better chance at reducing data exposure, as well as lowering their reputational and financial risk.”

Cybercriminals were more targeted in their quest to extort money in exchange for valuable information, honing in on specific industries in 2020.

‘Worsening cyberattacks across all sectors’

“Overall, it is reasonable to conclude that the pandemic and the digital dislocation caused by lockdowns have led to worsening cyberattacks across all sectors in the UK,” notes the report.

“Healthcare and financial services remain key sectors of concern, especially given that these two sectors often handle the most sensitive and valuable PII and are cornerstones of the UK’s economic and public health security. A large increase in ransomware and unauthorised access breaches in these sectors suggests that unscrupulous cybercriminals are specifically targeting these sectors for data and payments at the moment when they are at their most vulnerable.”