IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cybersecurity
#
IT in Healthcare
#
CIOs
ForgeRock: Identity security crucial for healthcare providers
Fri, 5th Jun 2020
FYI, this story is more than a year old
Author image
By Catherine Knowles, Journalist
Follow us

Last year in Australia, cyber attacks largely targeted identity credentials, however organisations particularly in the healthcare sector may not be aware of the threat, new research finds.

ForgeRock, a digital identity company, released its 2020 Consumer Identity Breach Report, which looks at Australian cyber incidents against the US, UK and Germany.

OAIC statistics showed that between July and December 2019, 74% of cyber incidents breaches targeted identity credentials, including phishing, stolen or compromised credentials and brute force attacks.

This puts Australia on-par with other markets, where phishing, malware, unauthorised access and ransomware dominated, ForgeRock states.

However, Australia's healthcare sector only comprised 22% of total breaches reported to the OAIC, far below the UK and U.S, comprising 51.5% and 45% of data breaches respectively.

ForgeRock regional VP James Ross says, with organisations in many sectors often unaware a breach has occurred until after the incident has occurred, this gap is due to Australian healthcare providers remaining unaware that they have been attacked.

Ross says, “A comparison of Australian data breaches against other markets indicates that Australia's healthcare sector may not be aware of the full number of data breaches it is incurring.

“OAIC figures show that the health sector attracted 22% of self-reported data breaches in 2019, far less than 51 and 45% in the UK and the US respectively.

"Since organisations from all sectors often only realise they have suffered a breach when their data appears on the dark web, Australia's healthcare sector may be suffering a higher number of breaches than reported.

He says, “It's also important to highlight the role of identity in cyber breaches. Between July and December, 74% of malicious or criminal data breaches reported were as a result of compromised identity.

“This means that whether through phishing, stolen or compromised credentials or brute force attacks, malicious actors are elevating attacks through identity access to find personal and sensitive data.

Ross says as digital transformation is embraced and new solutions are adopted, healthcare organisations in particular should look into actioning more robust security measures.

He says, “As our healthcare, financial services and other sectors move toward API-powered models, whereby multiple organisations can access and leverage data, identity management is only going to become more critical to the security of valuable private information.

“CIOs and CSOs must prioritise identity management alongside threat intelligence and end-point security intaking an identity-first approach that will enable firms to significantly reduce risks whilst enabling innovation through more efficient and secure data access.

He says, with security experts raising concerns about risks to My Health Record APIs, now is the time for organisations in all sectors to rethink identity and credentials as a cornerstone of cybersecurity policy.

Related stories
Armis warns of major cyber-attack risk to 2024 global elections
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
Half of online traffic in 2024 generated by bots, report finds
Spirent partners with online payments platform to boost cyber defenses
Cisco launches Hypershield for AI-driven security upgrade
Top stories
Axis unveils next-gen Camera Station VMS & cloud solutions
Intel reshuffles Asia Pacific leadership to boost business growth
Coalition integrates cyber risk platform with top cloud services providers
Sapia Labs presents 'revolutionary' AI research at SIOP conference
Secolve & Asimily join forces to boost Australia's IoT security