As Customer-Targeted Cybercrime Rises, Traditional Digital Identity Fails

media:acquia_dam_asset:dae3770e-e18a-4c87-8ab9-f3557bdefa2e

In the face of today's uncertain world events, cybersecurity has never been more critical. With growing sophistication, cybercrime aimed at gathering consumer information continues to escalate at unprecedented levels.

The ForgeRock 2022 Consumer Identity Breach Report highlights that 2 billion data records containing usernames and passwords were compromised in 2021, a 35% increase over 20201. And, in just the first quarter of 2022 alone, it is estimated that more than 75 million records were breached.2, This includes the following cases:

  • Hackers breached systems belonging to the International Committee of the Red Cross. They gained access to data that exceeds 500,000 people and disrupted the organization's services around the world3.
  • A security breach at the Washington State Department of Licensing affected at least 650,000 professionals. Authorities believe Social Security numbers and some personal data were compromised4.
  • Crypto.com incurred a breach that targeted nearly 500 people's cryptocurrency wallets. The thieves circumvented the site's two-factor authentication and stole $18 million of Bitcoin and $15 million of Ethereum. Crypto.com said it plans to move away from two-factor authentication to true multi-factor authentication5, 6.
  • A breach at FlexBooker, an appointment management business, affected approximately 3 million users. Confidential data, including personally identifiable information (PII), drivers license data, and passwords, was stolen by hackers and then offered for sale on popular cybercrime message boards7.

Fraud is also on the rise and is extremely costly. According to the U.S. Federal Trade Commission data, "[U.S.] consumers reported losing more than $5.8 billion to fraud in 2021, an increase of more than 70 percent over the previous year8." In the United Kingdom, the National Fraud Intelligence Bureau (NFIB) reports that between November 2020 and 2021, residents and businesses were victims of approximately 40,586 cases of fraud and cybercrime per month, totalling £2.5 billion9.

Statistics like these have cybersecurity professionals asking "What is our weakest security link?" and, "How can I best protect our customers and my organization?"

Traditional Digital Identity Is the Weakest Cybersecurity Link

In an effort to mitigate costs, many organizations have tried modifying their current employee identity and access management (IAM) systems to meet trends and demands rather than invest in a purpose-built, enterprise-grade customer identity and access management (CIAM) solution. Unfortunately, these retooled traditional digital identity systems are failing to protect consumers against the sophistication of cybercriminals and fraudsters.

For example, Experian states: "Our research shows that companies earning consumer trust leverage automated solutions to identify and protect customers across their online journey…" Yet, legacy IAM uses static rules to make decisions. For instance, it was not designed to utilize artificial intelligence (AI) and machine learning (ML) to analyze and adjust access based on risk signals or a user's behavior. Nor was it built to scale and manage billions of consumer and internet of things (IoT) identities, and thousands of concurrent sessions without incident.

The consequences of organizations continuing to use traditional IAM has resulted in digital identity emerging as the weakest cybersecurity link.

A survey of 488 IT and cybersecurity leaders by Enterprise Strategy Group (ESG) shows that 45% of organizations have suffered a breach due to identity-related threats10. This is largely due to the fact that, for the fourth consecutive year, unauthorized access is the leading gateway for criminals to enter an organization. As detailed in the ForgeRock 2022 Consumer Identity Breach Report, unauthorized access accounted for 50% of all records breached — up from 45% in 2020.

Enterprise CIAM Is Purpose-Built to Protect Your Consumers Against Today's Cybercrime

When it comes to implementing cybersecurity that protects your consumers and your organization, it is time to be proactive.

The good news is that modernizing your digital identity infrastructure with enterprise-grade CIAM results in greater security for your consumers and your organization. It also improves experiences and reduces your overall costs. For example, a Forrester Consulting Total Economic Impact study of ForgeRock CIAM showed a 40% reduction in security-related call center volume, resulting in a benefit of $24 million.

How are such benefits achieved? Enterprise-grade CIAM includes modern capabilities such as passwordless and multi-factor authentication (MFA), AI-powered user and entity behavior analytics (UEBA), and secure impersonation (a best practice for help desk and call center security). These and much more help you support a Zero Trust security model that significantly mitigates risk and reduces the cost of fraud. In fact, thanks to ForgeRock, a large global financial services organization reduced credit card fraud by 67%.

With a purpose-built CIAM platform at the ready, the security risks caused by your legacy digital identity systems can quickly be a thing of the past.

Learn more about how to protect your customers and organization with ForgeRock's enterprise-grade CIAM platform by reading How Customer Identity Protects Against Breaches and Fraud.

  1. https://www.forgerock.com/fr/resources/2022-consumer-identity-breach-report
  2. https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-march-2022-3-99-million-records-breached
  3. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
  4. https://komonews.com/news/local/state-department-of-licensing-site-back-online-after-data-breach
  5. https://www.techradar.com/features/top-data-breaches-and-cyber-attacks-of-2022
  6. https://www.techradar.com/news/2fa-compromise-led-to-cryptocom-hack
  7. https://www.techradar.com/features/top-data-breaches-and-cyber-attacks-of-2022
  8. https://www.ftc.gov/news-events/news/press-releases/2022/02/new-data-shows-ftc-received-28-million-fraud-reports-consumers-2021-0
  9. https://www.cityam.com/uk-loses-2-5bn-in-fraud-and-cyber-crime-cases-during-2021/
  10. ESG eBook, Securing the Identity Perimeter with Defense in Depth, March 2022