Stolen identities remain top cybersecurity threat

Stolen identities continue to cause massive breaches, exposing 1.5 billion user records and costing businesses an average of $9.4 million per breach in 2022, according to a new report.

The ForgeRock 2023 Identity Breach Report shows that attackers continue to target credentials and use them as a stepping stone to infiltrate an organization across industries and geographies. What’s more and AI is making it more difficult for the average human to identify threats.

The report reveals that unauthorized access is the leading cause of breaches for the fifth consecutive year and 52 percent of all reported breaches came through third-party partners and suppliers.

Among other findings, the healthcare sector remains a top target with attacks increasing by 50 percent compared to 2021. Attacks within the financial services sector on the other hand decreased by 29 percent, but nearly half of those affected the insurance industry. Social security number and date of birth information were exposed in 72 percent of breaches.

As more identities are stolen each year, AI-driven fraud attacks are creating a larger threat landscape for consumers and enterprises alike. Through the use of new technologies like generative AI, tactics such as phishing emails, malicious code and voice or video-based impersonation, otherwise known as deep fakes, are becoming more common and difficult to detect.

The report recommends that organizations adopt best practices like adopting a Zero Trust framework to verify access requests, implementing passwordless authentication to stop password-based attacks, and leveraging AI-driven IAM tools to manage the volume and velocity of cyberattacks.

"The most secure organizations will be those that combine the use of technologies like AI with a well designed approach to security operations and usability," says Eve Maler, CTO at ForgeRock.

The full report is available from the ForgeRock site.

Image credit: Frank-Peters/depositphotos.com