Security Breaches Rising Exponentially; Weak Authentications Exploited
Security incidents and mishaps are happening at an alarming rate as the IT arena is deteriorating into a crime scene due to the threat actors breaching and targeting companies in various sectors. While hacks were uncommon, during the pandemic, threat actors started targeting companies that are much more susceptible to pressure. Taking cues from these incidents, companies worldwide are modifying their authentication methods. However, all’s not well despite their efforts.
A research report from Hypr, a company specializing in multi-factor authentication (MFA), reported that the financial sector continues to face headwinds despite its keenness to fend off these attacks. The report stated that financial institutions in Europe and the USA suffered 3.4 percent of breaches in the past year. These breaches saddled financial firms, such as banks, credit unions, and investment firms, with an average loss of USD 2.19 million. However, these losses don’t address the ‘intangible and hidden costs’ these incidents dealt with.
The research report, the State of Authentication in the Finance Industry 2022, highlights the disturbing aspect that eight out of ten incidents were unwittingly aiding the breaches. Hypr roped in the British firm Vanson Bourne to conduct this research.
While sophistication and expertise have certainly been among the hackers, Hypr blamed that some of the incidents could have been averted if the financial firms hadn’t been too ‘complacent’ about their existing authentication mechanisms.
Findings uncover the burden that current authentication practices are leaving on financial organizations globally, specifically the high-risk cracks in security, strain on budgets, and overall operational disruption,” according to a statement from Hypr regarding their report.
More importantly,” it stated, “the results identify the discrepancies around ‘perceived’ and ‘actual’ authentication security.
But, the most jarring finding was that 85% of the surveyed companies experienced a breach in the past year. While that observation is shocking, what follows after is quite thought-provoking due to its disturbing nature. Of the affected organizations, 72% of firms suffered more than one breach in the same period. And almost all of this lot doubled down that their security protocols were sound, “despite data proving otherwise.”
Other significant observations from the study include: phishing was named as the “most prevalent type of attack” by 36% of respondents, followed by malware, security clearance stuffing, and push notification assaults, which each accounted for 31% of breaches. The report also found that over one-third of these businesses “lost customers to their competitors,” while 29% lost at least one employee and 26% had their customer data stolen in a breach.
Useful link: Debunking Myths Around Zero Trust Security!
The fact that over 90% of research participants (89%) indicated they thought passwordless MFA provided the best level of authentication security is encouraging. But, souring this finding is another conclusion. As alluded to previously, cybercriminals are targeting companies who would cough up the ransom to regain access to their systems. One of these sectors is the service sector industry with a supply chain network.
Supply Chain Attacks
According to a survey by IAM (identification and access management) provider ForgeRock, hackings from problems with the supply chain and third-party suppliers made an unprecedented leap in the US in 2021, climbing 297 percent year over year, accounting for roughly a fourth of all security breaches.
Unauthorized access was identified as the primary channel for breaches in the company’s 2022 Consumer Identity and Breach Report, accounting for 50% of all information exposed in 2021, an increase of 5% from 2020.
According to the research, the average cost of a breach in the US was USD 9.5 million, the most in the world, and an increase of 16% from USD 8.2 million in 2020. Between January 1 and December 31, 2021, ForgeRock acquired information for the study from various sources, including the Identity Theft Resource Centre, Forrester Research, and the Ponemon Institute.
These disturbing statistics highlight the murky incidents in the IT arena. Incidents that we wish didn’t happen, but they still do due to weak authentications and outdated protocols. The need for a robust IAM solution has dawned upon us, and it is time for you to reach out to security vendors such as Veritis, the Stevie Award winner. Reach out to us and walk away with a secure IAM solution to fend off the attacks.