Effects of the pandemic on consumer safety behaviors
IBM has announced the results of a global survey examining digital consumer behaviors during the pandemic, as well as their potential long-term impact on cybersecurity. As society grows accustomed to digitally-driven interactions, the study found that preferences for convenience often outweighed concerns for security and privacy among those surveyed. which leads to poor password choices and other cybersecurity behaviors.
The lax consumer approach to security, combined with the rapid digital transformation of businesses during the pandemic, can provide attackers with additional ammunition to spread cyber attacks across industries, from ransomware to data theft. Poor personal security habits can also spread in the workplace and lead to costly security incidents for businesses, with compromised user credentials being one of the top sources of cyber attacks reported in 2020.
Consumer safety behaviors altered by the pandemic
The global survey of 22,000 people in 22 markets, conducted by Morning Consult, identified the following effects of the pandemic on consumer safety behaviors:
- The digital boom will outlast pandemic protocols: Respondents created an average of 15 new online accounts during the pandemic, which equates to billions of new accounts created globally. With 44% saying they don’t plan to delete or deactivate these new accounts, these consumers will have an increased digital footprint for years to come, dramatically expanding the attack surface for cybercriminals.
- Account overload caused password fatigue: The boom in digital accounts has led to lax password behaviors among respondents, with 82% admitting to reuse credentials at least part of the time. This means that many of the new accounts created during the pandemic likely relied on combinations of reused emails and passwords, which may have already been exposed through data breaches over the past decade.
- Convenience often trumped security and privacy: 51% of millennials surveyed would rather place an order using a potentially insecure app or website, rather than calling or visiting a physical location in person. As these users are more likely to overlook security concerns for the convenience of CNC, the security burden is likely to fall more heavily on the companies providing these services to prevent fraud.
As consumers turn more to digital interactions, these behaviors also have the potential to drive the adoption of emerging technologies in a variety of contexts – from telehealth to digital identity.
“The pandemic has led to an increase in the number of new online accounts, but society’s growing preference for digital convenience may come at a cost for data security and privacy,” said Charles henderson, Global Managing Partner and Head of IBM Security X-Force.
“Organizations must now take into account the effects of this digital dependence on their security risk profile. As passwords become increasingly unreliable, one of the ways organizations can adapt, beyond multi-factor authentication, is to move to a zero-trust approach – by applying AI and analytics advances throughout the process to detect potential threats, rather than assuming a user is trustworthy after authentication. “
Consumers report high expectations for ease of access
The survey shed light on a variety of consumer security behaviors impacting the cybersecurity landscape today and in the future. As individuals increasingly embrace digital interactions in more areas of their lives, the survey found that many have also become primed by high expectations when it comes to ease of access and use.
- 5 minute rule: According to the survey, 59% of adults expect to spend less than 5 minutes creating a new digital account.
- Three strokes, you’re outside: Overall, respondents would attempt 3 to 4 connections before resetting their password. These resets not only cost businesses money, but they can also pose security threats if used in combination with an already compromised email account.
- Committed to memory: 44% of respondents store their account information online in their memory (the most common method) while 32% write this information down on paper.
- Multifactor authentication: Although password reuse is a growing problem, adding an additional verification factor for high-risk transactions can help reduce the risk of account compromise. The survey found that around two-thirds of people surveyed around the world had used multi-factor authentication in the past few weeks following the survey.
Dive Deeper into Digital Health
During the pandemic, digital channels have become a crucial element in meeting the massive demands for COVID-19[female[feminine vaccines, tests and treatments. Consumer adoption of a wide variety of digital channels for COVID-19 services can drive greater digital engagement with healthcare providers by lowering the barrier to entry for new users. According to the survey:
- 63% of respondents committed with pandemic-related services via some form of digital channel (web, mobile app, email and SMS).
- While websites / web apps were the most common digital engagement method, mobile apps and text messages also received significant usage – with 39% and 20% engagement through these channels, respectively.
As healthcare providers push further into telemedicine, it will become increasingly important that their security protocols are designed to withstand this change – from maintaining critical online computer systems to protecting sensitive data. patients and maintaining HIPAA compliance. This includes data segmentation and the implementation of strict controls so that users can only access specific systems and data, limiting the impact of a compromised account or device.
To prepare for the possibility of ransomware and extortion attacks, patient data should be encrypted, preferably at all times, and reliable backups should be in place so that systems and data can be restored quickly with minimal disruption.
Paving the way for digital identifiers
The concept of digital health passes, or vaccine passports, presented consumers with a real-life use case of digital credentials, which offer a technology-based approach to verify specific aspects of our identity. According to the survey, 65% of adults worldwide say they are familiar with the concept of digital credentials, and 76% would be likely to adopt them if they became generally acceptable.
This exposure to the idea of digital proof of identity during the pandemic may help spur wider adoption of modernized digital identity systems, which could potentially replace the need for traditional forms of identity like passports and driver’s licenses, thus providing consumers with a means of providing the limited information required for a specific transaction.
While harnessing a form of digital identity has the potential to create a sustainable model for the future, security and privacy measures need to be in place to help protect against counterfeiting – calling on the capabilities of blockchain solutions to verify and provide the ability to update these. credentials in the event of a compromise.
How Organizations Can Adapt to Changing Consumer Safety Behaviors
Businesses that have become increasingly dependent on digital engagement with consumers due to the pandemic should consider the impact this is having on their cybersecurity risk profiles. In light of changing digital security behaviors and consumer preferences, organizations should consider the following security recommendations:
- Zero trust approach: Given the growing risks, companies should consider moving to a zero-trust security approach, which works under the assumption that an authenticated identity or the network itself may already be compromised, and therefore continually validate the security conditions. connection between users, data and resources to determine authorization and need. This approach forces organizations to unify their data and approach to security, with the goal of wrapping the security context around every user, device, and interaction.
- Modernize consumer IAM: For businesses that want to continue leveraging digital channels for consumer engagement, it is important to provide a transparent authentication process. Investing in a modernized Consumer Identity and Access Management (CIAM) strategy can help businesses increase their digital engagement, delivering a seamless user experience across all digital platforms and using behavioral analytics to help reduce the risk of fraudulent use of accounts.
- Data protection and confidentiality: Having more digital users means businesses will also have more sensitive consumer data to protect. With data breaches costing businesses an average of $ 3.86 million among those studied, organizations must put in place strict data security controls to protect against unauthorized access, from data monitoring to detecting activity. suspicious to encryption of sensitive data wherever it may be. Businesses also need to implement the right on-premise and cloud-based privacy policies to maintain consumer confidence.
- Put safety to the test: With the rapidly evolving use and reliance on digital platforms, companies should consider dedicated testing to verify that the security strategies and technologies they previously relied on still fit into this new landscape. Reassessing the effectiveness of incident response plans and testing applications for security vulnerabilities are two important parts of this process.