sb-au logo
Story image

ForgeRock: Identity security crucial for healthcare providers

Last year in Australia, cyber attacks largely targeted identity credentials, however organisations particularly in the healthcare sector may not be aware of the threat, new research finds.

ForgeRock, a digital identity company, released its 2020 Consumer Identity Breach Report, which looks at Australian cyber incidents against the US, UK and Germany.

OAIC statistics showed that between July and December 2019, 74% of cyber incidents breaches targeted identity credentials, including phishing, stolen or compromised credentials and brute force attacks.

This puts Australia on-par with other markets, where phishing, malware, unauthorised access and ransomware dominated, ForgeRock states.

However, Australia’s healthcare sector only comprised 22% of total breaches reported to the OAIC, far below the UK and U.S, comprising 51.5% and 45% of data breaches respectively.

ForgeRock regional VP James Ross says, with organisations in many sectors often unaware a breach has occurred until after the incident has occurred, this gap is due to Australian healthcare providers remaining unaware that they have been attacked.

Ross says, “A comparison of Australian data breaches against other markets indicates that Australia's healthcare sector may not be aware of the full number of data breaches it is incurring.

“OAIC figures show that the health sector attracted 22% of self-reported data breaches in 2019, far less than 51 and 45% in the UK and the US respectively.

"Since organisations from all sectors often only realise they have suffered a breach when their data appears on the dark web, Australia's healthcare sector may be suffering a higher number of breaches than reported.”

He says, “It's also important to highlight the role of identity in cyber breaches. Between July and December, 74% of malicious or criminal data breaches reported were as a result of compromised identity.

“This means that whether through phishing, stolen or compromised credentials or brute force attacks, malicious actors are elevating attacks through identity access to find personal and sensitive data.”

Ross says as digital transformation is embraced and new solutions are adopted, healthcare organisations in particular should look into actioning more robust security measures.

He says, “As our healthcare, financial services and other sectors move toward API-powered models, whereby multiple organisations can access and leverage data, identity management is only going to become more critical to the security of valuable private information.

“CIOs and CSOs must prioritise identity management alongside threat intelligence and end-point security intaking an identity-first approach that will enable firms to significantly reduce risks whilst enabling innovation through more efficient and secure data access.”

He says, with security experts raising concerns about risks to My Health Record APIs, now is the time for organisations in all sectors to rethink identity and credentials as a cornerstone of cybersecurity policy.

Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
Average cost of insider attack $2 million - Bitglass
A report has found 61% of companies had an insider attack in past year.More
Story image
Thales: A/NZ cybersecurity approach more talk than action
“While some organisations are talking a good story … predicted spending shows that most have the wrong focus.”More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Sophos named mobile security Leader in IDC MarketScape
Sophos Intercept X for Mobile has capabilities in protecting Android, iOS and Chrome OS users from known and never before seen mobile threats.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More