Why We Need to Eliminate Usernames and Passwords for Good
Staggering 450% increase in breaches containing login credentials revealed in this year’s report
Our third annual ForgeRock Consumer Identity Breach Report has just been released, providing insights into the global threat landscape. The COVID-19 pandemic caused a digital migration like we’ve never seen before. People spent twice as much time online and cybercriminals wasted no time in taking advantage of this new reality.
This year we uncovered some staggering stats – for example, attacks involving usernames and passwords increased an unprecedented 450%, totaling 1.48 billion breached records. Why are we still using passwords when they provide such ineffective security and are a nightmare to use and manage? Unauthorized access continued to be the primary attack vector for cybercriminals, with ransomware and phishing following closely behind.
Here are a few more of the major trends we uncovered:
- Healthcare was once again the most targeted industry with the highest number of breaches (34% of all breaches). Technology had the highest number of records stolen for the second consecutive year (over 1.6 billion records stolen).
- Smaller organizations were prime targets in 2020 – breaches of less than 100 million records saw the biggest surge with a 50% increase.
- The cost of responding to an individual breach in the U.S. increased to $8.64 million. This was higher than any other region in the world.
The report includes insights from the U.S., UK, Germany, Australia and, for the first time, Singapore.
Our findings reinforce what I’ve been saying for a long time - we’ve been reliant on usernames and passwords for far too long and it’s time to get rid of them once and for all. They aren’t secure, provide a terrible user experience, and are easy to exploit for financial gain.
Digital identity was once again the weakest security link in 2020 and organizations of all sizes must look for ways to stay one step ahead. The best way to do that is to adopt a comprehensive identity and access management (IAM) solution to help prevent identity-related data breaches, preserve customer relationships, and provide a better user experience so customers keep coming back.