Individuals created 17 new online accounts on the average during the pandemic leading to password fatigue and exposing consumers and businesses to high risk security and safety threats, a new study revealed.
A study by Morning Consult, commissioned by IBM Security, surveyed 22,000 individuals in 22 markets in the Asia Pacific to identify the effects of the pandemic on consumers security behavior and their long term impact on cyber security.
The study also showed that over 54 percent of APAC consumers surveyed would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy.
The survey identified three effects of the pandemic on consumer security behaviors in Asia Pacific: account overload led to password fatigue; digital boom will outlast pandemic protocols; and convenience often outweigh security and privacy.
Preferences for convenience often outweighed security and privacy concerns amongst individuals surveyed – leading to poor choices around passwords and other cybersecurity behaviors, the study said.
As individuals increasingly leverage digital interactions in more realms of their lives, the survey also found that many have also become primed with high expectations for ease of access and use. At least four consumer behaviors have been identified as, 5 minute rule where individuals spend less than 5 minutes in setting up a new digital account; 3 strikes before resetting an account; 47 percent of respondents store online information in their memory; and multi-factor authentication.
The surge in digital accounts led to lax password behaviors amongst those surveyed, with 86 percent of APAC consumers admit to re-using their online credentials across accounts at least some of the time. This means that many of the new accounts created during the pandemic likely relied on reused email and password combinations, which may have already exposed via data breaches over the past decade.
Consumers’ lax approach to security, combined with rapid digital transformation by businesses during the pandemic, may provide attackers with further ammunition to propagate cyberattacks across industries – from ransomware to data theft.
According to IBM Security X-Force, bad personal security habits also carry over to the workplace and can lead to costly security incidents for companies, with compromised user credentials representing one of the top root sources of cyberattacks reported in 2020.
It was also identified that APAC respondents surveyed created about 17 new online accounts during the pandemic across all categories. With 37 percent reported that they do not plan to delete or deactivate any of the new accounts they created during the pandemic after society returns to pre-pandemic norms, these consumers will have an increased digital footprint for years to come, greatly expanding the attack surface for cybercriminals.
Also, 54 percent of the APAC respondents surveyed would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy. Sixty percent of millennials are more likely to say they would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy.
“With these users more likely to overlook security concerns for the convenience of digital ordering, the burden of security will likely fall more heavily on companies providing these services to avoid fraud,” the study said.
In light of shifting consumer behaviors and preferences around digital convenience, IBM Security suggests that business organizations consider the following security recommendations. These include zero trust approach, modernizing consumer IAM, data protection and privacy, and put security to the test.
The zero trust approach operates under the assumption that an authenticated identity, or the network itself may already be compromised, and therefore continuously validates the conditions for connection between users, data, and resources to determine authorization and need.
In modernizing consumer IAM, IBM Security said this to allow companies to continue leveraging digital channels for consumer engagement, providing a seamless authentication process is important. Investing in a modernized Consumer Identity and Access Management strategy can help companies increase digital engagement
On data protection and privacy, organizations must put strong data security controls in place to protect against unauthorized access from monitoring data to detect suspicious activity.
IBM Security noted that data breaches are costing companies $3.86 million on average among those studied.
To put security to the test, companies should consider dedicated testing to verify that the security strategies and technologies they have relied on previously still hold up in this new landscape.
As consumers lean further into digital interactions, these behaviors also have the potential to spur adoption of emerging technologies in a variety of settings – from telehealth, to digital identity. “Like other regions, Asia Pacific was propelled by the pandemic into a digital-first interaction for nearly every facet of life and it continues to shape our day-to-day interactions. From groceries, banking, social interactions to even healthcare services for COVID-19, consumers are demonstrating a sophisticated command of digital tools. As a result, businesses are increasingly reliant on digital channels for customer engagement and service delivery, greatly increasing their cybersecurity risks. Organizations are actively looking for advanced tools, leveraging AI and analytics, to modernize their Identity and Access Management platforms to provide a frictionless user experience across digital platforms while creating a stronger security posture and limiting potential risk. To assure the greatest levels of security, adopting a ‘Zero-trust’ approach, developing and understanding context around every user, every device and every interaction is mission critical,” Matthew Glitzer, Vice President, IBM Security, APAC.