Stolen Identities Remains Top Security Threat in Financial Crimeby Johanan Devanesan November 2, 2023
Stolen identities of workers or other authorised users are sometimes enough to provide attackers with entry to internal systems and sensitive data, putting customer data at risk.
Digital identities are usually guarded by usernames and passwords to aid users in accessing online accounts and services expeditiously, but securely. However, these credentials are frequently stolen by cybercriminals who employ various methods to obtain them, such as phishing, keylogging, credential spraying, brute-force attacks, or simply purchasing them from the dark web. Once an identity is compromised, it can serve as a stepping stone for infiltrating an organisation.
The stolen digital identities menace
The ForgeRock Identity Breach Report 2023 highlights that breached records have steadily included more personally identifiable information over the past five years, with login details and protected health information becoming more prevalent.
Attackers often take advantage of stolen credentials because many people reuse the same login details across different accounts. Protected health information is highly prized for financial fraud and can even grant access to prescription drugs.
The report’s findings showed that a serious breach or ransomware attack affecting millions of consumers can be caused by the compromise of just one authorised identity of an employee within an organisation, or of a service provider to that enterprise.
Rise of AI heightening threats
The ForgeRock Identity Breach Report 2023 stresses that attackers keep targeting credentials (the combination of usernames, passwords, and other identification data) and use them as a springboard to infiltrate an organisation, regardless of industry or location. Furthermore, artificial intelligence (AI) is making it harder for the average person to detect threats.
As more identities are stolen each year, AI-driven fraud attacks are creating a larger threat landscape for consumers and businesses alike. The use of new technologies like generative AI is leading to an increase in tactics such as phishing emails, malicious code, and voice or video-based impersonation, or “deep fakes”, which are becoming more difficult to detect.
Unauthorised access from personally identifiable information
The report reveals that unauthorised access continues to be the most prevalent cause of breaches. Ransomware attacks have steadily increased over the past five years, while phishing peaked in 2021 and declined in 2022. System and human errors, such as failure to configure cloud security, misconfigured firewalls, and unauthorised access, have been decreasing as root causes of breaches in recent years.
Instead, in recent years the amount of personal identifiable information in breached records has increased. Even seemingly harmless data, such as names and addresses, which were found in 20% of breaches in 2018, are now present in virtually all records. Meanwhile, valuable data like login credentials, protected health information, dates of birth, and insurance numbers continue to rise. Only payment/credit card information has declined, and only in the most recent year.
Personally identifiable information derived from data breaches can be employed for various fraudulent activities, such as filing falsified tax returns, opening bank accounts, or making claims on state-run services like the national medical databases.
Attack resilience in financial services
Surprisingly, financial services along with the government and retail sectors continue to perform better than others, with financial services reporting 19% fewer breaches in 2022 compared to the average of the past four years, and government and retail reporting 55% and 65% fewer respectively.
The recent success in security within financial services can be credited to the swift adoption of best practices in an unforgiving environment of poor user experiences. Also, a strong financial incentive to reduce fraud risks has enabled banks to apply better-than-average cybersecurity protections.
But despite being a highly regulated part of the financial services sector, the insurance industry is increasingly being targeted by cybercriminals. They exploit the vast amounts of personally identifiable information stored in outdated systems, the lack of user training, and the slow adoption of strong authentication.
In Singapore, the main contributor to successful attacks was phishing scams, followed by unauthorised access. The report showed there has been a significant increase in cyber extortion and ransomware, while website defacements slightly decreased in 2021.
Phishing campaigns and data breaches continued to impact Singaporean businesses, such as financial services leader OCBC, Starbucks, Shangri-La, and Carousell. The government recognises the rising number of cyberattacks and is collaborating with the broader industry to raise awareness.
In October 2022, The Monetary Authority of Singapore’s Cyber Security Advisory Panel, comprising cybersecurity experts worldwide, offered insights on how the Singapore financial sector can improve its cyber hygiene. The panel advised Singaporean enterprises to stay alert to new threats that may arise due to geopolitical tensions, implement AI and machine learning-based solutions to prevent unauthorised access, and bolster their resilience against attacks.