Despite worldwide investments in information security products and services, cybercriminals exposed 2.8 billion consumer data records in 2018, costing U.S. corporations more than $654 billion, according to ForgeRock’s 2019 U.S. Consumer Data Breach Report. Personally identifiable information (PII) accounted for 97% of the pilfered data, including names, Social Security numbers, dates of birth and more. This highlights the fact that companies continue to struggle with the realities of the threat landscape, even though Gartner forecast that worldwide spending on cybersecurity tools would reach more than $114 billion in 2018.
The downstream effect of data breaches is not just the theft of data, but the fact that the information exposed can be cross-referenced with previously stolen data on the dark web. Cybercriminals can, therefore, launch highly targeted phishing attacks or even create extremely detailed lists for credential stuffing attacks and gain access to sensitive financial, healthcare or government accounts.
The variety of industries impacted by data breaches in 2018 has made consumers more aware of the growing sophistication of these incidents. Healthcare was the sector most targeted by hackers in 2018, representing 48% of all breaches, while financial and government entities combined for 20% of breaches. Healthcare, financial and government entities store and manage massive amounts of highly sensitive PII, making them attractive targets for cybercriminals. However, it is critical to note that all companies, even those in industries that reported lower breach numbers, must continually work to avoid becoming the next target of a breach. In fact, the World Economic Forum’s 2019 Global Risks Report lists data fraud or theft and cyberattacks as the number four and five risks facing businesses around the world in 2019, respectively.
Cyberattacks have become the norm and it is not so much a matter of if an attack will happen, but when it will happen. Consumers must remain vigilant and review their personal security practices to increase the protection of their information. Everyone should take time to do the following:
- Create strong passwords of more than eight characters with numbers and symbols
- Refrain from reusing passwords and usernames across accounts
- Enable multi-factor authentication (MFA) when possible
However, corporations must hold themselves accountable for defending their employees, customers, and partners against all types of attacks. Cybercriminals today are highly sophisticated, executing a diverse range of attacks at a greater volume and scale than ever before. In fact, unauthorized access was the most popular type of attack in 2018, accounting for 34% of all attacks. Ransomware (17.3%), misconfigurations (16%) and phishing (13.3%) all remained popular attacks as well, illustrating the variety of methods hackers can employ to pilfer data from unsuspecting enterprises.
Organizations can protect consumer data by implementing a strong customer identity management program. Every industry has incentives to avoid brand damage and costly breaches, and so organizations must use modern techniques of identity and access management to secure their infrastructure, from servers in the data center to client applications and smart devices at the edge.