According to a recent global survey, poor pandemic-related consumer behaviours are contributing to rising security side effects in the Asia Pacific region.
Before detailing some of the survey’s Asia Pacific findings to Disruptive Asia, Catherine Lian, managing director of IBM Malaysia explained the IBM Consumer Survey: Security Side Effects of the Pandemic initially set out to examine consumers’ digital behaviours during the coronavirus pandemic and their potential long-term impact on the cybersecurity landscape.
With society becoming increasingly aligned to digital-first behaviours, convenience often comes at the expense of security and privacy concerns, according to the individuals surveyed, said Lian.
Conducted by Morning Consult on behalf of IBM in March 2021, the global study involved 22,000 adults in 22 markets (1,000 respondents per market) including Argentina, Australia, Brazil, Canada, Chile, Colombia, France, Germany, India, Italy, Japan, Mexico, Peru, Singapore, South Korea, Spain, UK, US, Middle East, Central & Eastern Europe, Nordics, and BNL (Belgium, Netherlands, and Luxembourg).
The survey’s insights of APAC consumer security behaviours during the pandemic are summarised here:
- APAC respondents created about 17 new online accounts during the pandemic across all categories. With 37% reporting that they do not plan to delete or deactivate any of the new accounts they created during the pandemic after society returns to pre-pandemic norms; these consumers will have an increased digital footprint for years to come, greatly expanding the attack surface for cybercriminals.
- The surge in digital accounts led to lax password behaviours amongst those surveyed, with 86% of APAC consumers admit to re-using their online credentials across accounts at least some of the time. This means that many of the new accounts created during the pandemic likely relied on reused email and password combinations, which may have already been exposed via data breaches during the past decade.
- 54% of APAC respondents surveyed would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy. 60% of millennials are more likely to say they would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy. With these users more likely to overlook security concerns for the convenience of digital ordering, the burden of security will likely fall more heavily on companies providing these services to avoid fraud.
Growing risk profiles
“Rapid digital growth spurred by pandemic lockdowns has pushed consumers online,” Lian confirmed. “Consumers grew very accustomed to the convenience of digital interactions and this trend is expected to linger even after society returns to pre-pandemic norms.”
She added that consumers created a “plethora of new digital accounts during the pandemic from food delivery apps, groceries to retail, healthcare, and entertainment.”
“Consumers growing digital footprint could also mean a growing “risk profile”—for both individuals and businesses,” Lian warns.
“In the pursuit of digital convenience, cybersecurity awareness and data privacy have taken a backseat for many consumers,” she said. “This growing preference for digital convenience also comes hand in hand with poor security habits, from widespread password reuse to a lack of concern about the apps and sites they’re using.”
From her current interactions in the local market, Christine observed that “consumer cybersecurity awareness is still low, and businesses need to step up.”
Pointing to the survey finding that people created 15 new online accounts on average during the pandemic, and included the reuse of old, possibly compromised, passwords posed risks for companies.
Lian explained that this growing preference for digital convenience also comes hand in hand with poor security habits, from widespread password reuse to a lack of concern about the apps and sites they’re using. “Compromised user credentials representing one of the top three (3) attack vectors of 2020 (accounting for 18% of attacks globally).”
This larger digital footprint may provide both ammunition and motivation for cybercriminals, she added. “With the increase in digital accounts and the likelihood of retaining these accounts past their prime usage, we may see an increase in data breaches and their impact.”
Beyond the pandemic
When speaking of ways to kickstart a more resilient code of behaviours, Lian suggests that: “Cybersecurity awareness is not just a consumer effort. Companies that have become increasingly reliant on digital engagement with consumers during the pandemic should consider the impact on their cybersecurity risk profiles.”
“The digital platforms which we have seen a huge surge in new users may not yet have matured security practices in place, making them ‘low hanging fruit’ for cybercriminals.”
“For consumers, practising personal cybersecurity hygiene remains critical. Individuals who are quickly expanding their digital footprint should also take an active role in maintaining their own security and privacy. Trends from the consumer space are trends that bleed into enterprise networks. Bad personal security habits can also carry over into the workplace, leading to costly security incidents for companies.”
Lian reiterated that a breach of personal information may lead to more than just a password reset – from working with businesses to report and regain losses from fraudulent transactions, to dealing with credit issues that may arise as a result.
IBM Security suggests the following tips for consumers:
1) Post-Pandemic “Phone Cleaning”. Take inventory of the apps on your phone, and de-activate those which aren’t in regular usage or that have questionable security and privacy controls.
2) “Double up” on account protection (multi-factor authentication). Many of the most popular digital platforms provide the option to add multifactor authentication to your account. While this may seem like an extra hassle, many times this second factor of authentication can be quick and simple–like a fingerprint scan or face ID.
3) Use apps for passwords & authentication. Since consumers are already in the habit of grabbing new apps during the pandemic, why not add a few that will help your security habits as well, such as Password Manager App or Authenticator Apps.
“Many consumers are willing to take cybersecurity risks due to preference for digital convenience and for us this is worrying,” said Lian. “With so much else going on and in the wake of countless data breaches news that we have been hearing every other day, consumers need to become increasingly security-aware, and more thoughts are needed for personal security.”
IBM’s Cost of Data Breach Report 2021 shows that data breaches cost companies nearly US$4 million on average globally and the ‘cost of lost business’ arising from reputational damage, customer turnover & system downtime, represents nearly 40% of those costs.
“Companies must now consider the effects of this digital dependence on their security risk profile,” Lian concluded. “With passwords becoming less and less reliable, one way that companies can adapt, beyond multi-factor authentication, is shifting to a zero-trust approach – applying advanced AI and analytics throughout the process to spot potential threats, rather than assuming a user is trusted after authentication.”