unauthorized access

(Source – Shutterstock)

Unauthorized access the biggest cause of data breaches

Unauthorized access continue a big problem for organizations around the world. As data breaches continue to be a problem in almost every country today, understanding data breaches and how to mitigate them becomes ever so more important. In fact, for most businesses, the fear of being breached is one of the main reasons why some of them are still not convinced about fully digitalizing their services.

The reality is though that businesses rely heavily on technology today to remain productive and profitable. Consumers will also move to other alternatives if businesses are not able to meet their demands. This includes providing a secure avenue for them at every point of their journey.

Cybercriminals know the value of the data being generated and collected by businesses and will go to great lengths to get them. As such, in 2021, its not surprising that unauthorized access was once again the top vector for cybercriminal breach methods. With username and passwords being the perfect seeds for perpetrating new breaches, about two billion such records were compromised in 2021, a 35% increase from the previous year.

According to Eve Maler, CTO of ForgeRock, the classic security measures used by many enterprises, and the regulatory regimes demanding such measures, haven’t stemmed the tide of compromise, and the flood has come. For Maler, password-based protection has been failing prodigiously, and many approaches that strengthen security, such as multifactor authentication, are also creating usability issues and leading to new types of threats.

“Likewise, erecting barriers to resource access for employees has often only slowed business. When attacks scale up, prevention and mitigation methods need to scale up too, leveraging layers of intelligence to apply the right access controls at the right time,” stated Maler in ForgeRock’s 2022 Consumer Identity Breach Report.

The report examines the changing cyber threat landscape, and what it means for businesses and consumers. The fourth annual report shows how trends are shifting and why it’s not always possible to ascertain why certain industries or geographies are trending upward or downward.

Unauthorized access on the rise in Singapore

Key findings from the report show Singapore experiencing a 43% increase in cybercrime between 2020 and 2021. The biggest contributor to these attacks was phishing scams, accounting for more than 12,000 incidents. The next leading attack method was unauthorized access, which was used in more than 3,600 cases in 2020 compared to 1,701 in 2019. Cyber extortion was the third-most-common approach, used in 245 attacks versus 68 the previous year.

Singapore also saw a significant rise in ransomware targeting the manufacturing, retail, and healthcare sectors, with a total of 89 cases reported to the CSA in 2020, an increase of 154% since 2019.

Ajay Biyani, the ASEAN Regional Vice President of ForgeRock commented, “cyberattacks get more sophisticated every day, undoubtedly accelerated by the pandemic and the adoption of digital technology as the world continues to navigate remote and hybrid work. Hackers and cybercriminals have found diverse means to challenge Singapore’s cyberspace, rigorously attacking the manufacturing, retail, and healthcare sectors, resulting in a dramatic 43% year over year increase in overall cybercrime, as cited by the Cyber Security Agency, Singapore”

Biyani also pointed out that organizations need to plan ahead and safeguard their customers from these cyber threats. In a digital economy like Singapore, businesses must remain vigilant and stay resilient to these risks. The government has implemented stringent measures, introduced enhanced frameworks, and is overall working to strengthen its cyber infrastructure. 

With one of the highest internet adoption rates, in 2020, close to 90% of the Singapore population was using the internet. By 2025, adoption is projected to grow to more than 93%. The country is also working towards nationwide 5G coverage by 2025.

As such, the report stated that the Monetary Authority of Singapore has also shared a new framework that looked into equitable sharing of losses arising from scams. It announced measures to strengthen the security of digital banking and highlighted how all parties (organizations and people) have a responsibility to be vigilant and take precautionary measures against scams. In April 2022, the Cyber Security Agency of Singapore also kicked off a licensing framework for cybersecurity service providers to better safeguard consumers’ interests.

“Organizations need to embrace these government measures and adopt new and improved AI-driven solutions to accurately and efficiently tackle new threats. By harnessing these, they can allow for threat protection and prevention of fraud and cyber attacks, which is key to help bolster Singapore’s cyber security resilience moving forward,” added Biyani.

A different situation in Australia

Interestingly in Australia, the Australian Government’s Office of the Australian Information Commissioner Notifiable Breaches Report state that the total number of disclosed breaches dropped 15% in 2021. The country reported 900 successful breaches last year, compared to 1,057 the year before. Despite the decrease, this number is still higher than 2018’s total reported breaches, at 812, a 10% increase in the years between 2018 and 2021.

“Although the total number of disclosed data breaches in Australia was down by 15% in 2021, breaches are still prevalent, and businesses and government must remain diligent in their efforts to prevent them. With the technology to combat cyber threats evolving through developments in AI and the use of deeper methods of multifactor authentication, continued investment in cybersecurity measures will be crucial to protecting data moving forward,” the report highlighted.

With that said, ForgeRock suggests three approaches to minimize data breaches. They include implementing AI-based access management, zero trust, and passwordless authentication.

“These three approaches hold the promise of meeting consumers’ stated desire for both security and a seamless online experience. They focus on reducing the number and severity of breaches while increasing customer trust in organizations with which they do business,” concluded the report.