sb-au logo
Story image

ForgeRock: Identity security crucial for healthcare providers

Last year in Australia, cyber attacks largely targeted identity credentials, however organisations particularly in the healthcare sector may not be aware of the threat, new research finds.

ForgeRock, a digital identity company, released its 2020 Consumer Identity Breach Report, which looks at Australian cyber incidents against the US, UK and Germany.

OAIC statistics showed that between July and December 2019, 74% of cyber incidents breaches targeted identity credentials, including phishing, stolen or compromised credentials and brute force attacks.

This puts Australia on-par with other markets, where phishing, malware, unauthorised access and ransomware dominated, ForgeRock states.

However, Australia’s healthcare sector only comprised 22% of total breaches reported to the OAIC, far below the UK and U.S, comprising 51.5% and 45% of data breaches respectively.

ForgeRock regional VP James Ross says, with organisations in many sectors often unaware a breach has occurred until after the incident has occurred, this gap is due to Australian healthcare providers remaining unaware that they have been attacked.

Ross says, “A comparison of Australian data breaches against other markets indicates that Australia's healthcare sector may not be aware of the full number of data breaches it is incurring.

“OAIC figures show that the health sector attracted 22% of self-reported data breaches in 2019, far less than 51 and 45% in the UK and the US respectively.

"Since organisations from all sectors often only realise they have suffered a breach when their data appears on the dark web, Australia's healthcare sector may be suffering a higher number of breaches than reported.”

He says, “It's also important to highlight the role of identity in cyber breaches. Between July and December, 74% of malicious or criminal data breaches reported were as a result of compromised identity.

“This means that whether through phishing, stolen or compromised credentials or brute force attacks, malicious actors are elevating attacks through identity access to find personal and sensitive data.”

Ross says as digital transformation is embraced and new solutions are adopted, healthcare organisations in particular should look into actioning more robust security measures.

He says, “As our healthcare, financial services and other sectors move toward API-powered models, whereby multiple organisations can access and leverage data, identity management is only going to become more critical to the security of valuable private information.

“CIOs and CSOs must prioritise identity management alongside threat intelligence and end-point security intaking an identity-first approach that will enable firms to significantly reduce risks whilst enabling innovation through more efficient and secure data access.”

He says, with security experts raising concerns about risks to My Health Record APIs, now is the time for organisations in all sectors to rethink identity and credentials as a cornerstone of cybersecurity policy.

Story image
AustCyber research shows huge potential of cybersecurity market
For the first time, the gross value added (GVA) of Australia’s cybersecurity sector can be estimated, at $2.3 billion. More
Story image
Palo Alto Networks launches enterprise data loss prevention service
"As a single centralised cloud service, Palo Alto Networks Enterprise DLP can be deployed across an entire large enterprise in minutes with no need for additional infrastructure."More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More
Story image
DigiCert revamps PKI management capabilities for remote work
The revamp provides new ways of delivering certificate automation that can authenticate employees and devices, and encrypt data over networks.More
Story image
Singapore makes an example of remote working in APAC, but security concerns persist
Respondents are most concerned about WiFi networks (39%), cloud storage (38%), email (36%), new technologies like IoT and 5G (34%), and video conferencing platforms (31%).More
Story image
Trend Micro integrates with AWS Network Firewall
As a Launch Partner, Trend Micro has integrated managed threat intelligence feeds from its cloud security solution to enable superior protection in line with this new AWS managed firewall service.More