Having spent a number of hours each week talking and writing about security, I kind of assume that it’s a topic that everyone is interested in and that everyone is pretty much clued up about these days. Every company of any size uses external penetration testing (pentesting) experts to check that their systems are secure (even mainframes), and most companies nowadays seem to run dummy phishing attacks just to see which of their employees are still clicking on dodgy links and downloading questionable attachments. So, it was interesting to see the results of the IBM Consumer Survey: Security Side Effects of the Pandemic. The survey was carried out in March by Morning Consult, which asked 22,000 people around the world about their online security habits.
The key findings of the survey were:
- Global respondents shifted further into digital interactions during COVID-19 and are likely to continue digital-first interactions in life after the COVID-19 pandemic.
- Across all categories, global consumers created about 15 new online accounts during the pandemic. Younger respondents created more new accounts during the pandemic across categories, and created more accounts across each category than any other age group or generation.
- Over four in five (82%) global respondents are re-using the same credentials that they have used for other accounts at least some of the time. Younger respondents are more likely to say they always or mostly re-use the same credentials that they have used for other accounts.
- Many would still rather place an order digitally – even if there were security/privacy concerns. Over four in ten (44%) global respondents, and 51% of millennials would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy.
- A majority of global respondents (63%) accessed COVID-related services via digital channels – including mobile apps, websites, email, and text messages.
- Nearly half (44%) of respondents do not plan to delete or deactivate any of the new accounts they created during the pandemic after society returns to pre-pandemic norms.
The report says that “consumers not only increased their reliance on digital channels during the pandemic, but also that this ‘digital dependence’ is expected to linger even after society returns to pre-pandemic norms. Consumers reported they will continue to rely on digital services at higher rates than before the pandemic, and many say they will not delete any of the new accounts they created during that time.”
The survey found that respondents under 50 are most likely to predict they will interact through digital formats in life after the COVID-19 pandemic. Although the average number of new accounts was 15, millennials created over 18 new online accounts during the pandemic, more than any other generation. The only slightly good news was that the survey found that 56% respondents would remove permission for an application to track behaviour if the app requested permission to do so.
The survey concludes that “consumers’ increased reliance on digital channels during the pandemic may have caused more lax attitudes towards security – with the convenience of digital ordering often outweighing security and privacy concerns. Many consumers (particularly younger generations) say they would rather place an order digitally, even if there were security or privacy concerns with the application. Additionally, consumers rarely decline to use a new digital platform due to security or privacy concerns. This surge in new accounts may also be creating password fatigue, with consumers reporting high levels of password reuse across their accounts. This means many of the new accounts created during the pandemic likely relied on reused credentials, which may have been compromised in previous data breaches.
The survey also found that 35% of respondents have accepted terms they were uncomfortable with so they could use a service. 41% would avoid using an online platform to shop or place an order over concerns over app/website security, and 38% would avoid using online platforms if they had concerns around privacy.
For vendors, a bad online user experience can lead to people giving up on an online purchase, application, or transaction based on negative experiences. 42% said they’d done that when logging in, 41% when signing up, and 41%, again, when completing payment. Younger respondents are more likely to give up than older people. The survey also found that, on average, respondents across all age groups would attempt about 3-4 logins before they decided to reset their login credentials.
While 59% of respondents expect to spend between 1-5 minutes setting up a new digital account, 57% would reconsider setting up a non-essential digital account after spending 1-5 minutes. 44% of respondents keep online account information in their memory, and 32% have it written on paper. And while passwords are the preferred method to log in, respondents under 35 are more likely than older generations to prefer single sign-on or biometrics. It’s good to see that around two thirds of respondents have used two-factor or multi-factor authentication to access an online account. 65% of respondents are very or somewhat familiar with the concept of digital credentials, and 76% of respondents would be very or somewhat likely to use digital credentials.
63% of respondents have accessed COVID-related services via digital channels, and younger respondents were more likely to have accessed COVID related services digitally.
Overall, it’s an interesting, but worrying survey. IBM Security did offer companies the following guidance:
“Zero Trust Approach: given increasing risks, companies should consider evolving to a ‘zero trust’ security approach, which operates under the assumption that an authenticated identity, or the network itself, may already be compromised – therefore, it continuously validates the conditions for connection between users, data, and resources to determine authorization and need. This approach requires companies to unify their security data and approach, with the goal of wrapping security context around every user, every device, and every interaction.
“Modernizing Consumer IAM: investing in a modernized Consumer Identity and Access Management (CIAM) strategy can help companies increase digital engagement – providing a frictionless user experience across digital platforms and using behavioural analytics to decrease the risk of fraudulent account use.
“Data Protection & Privacy: having more digital users means that companies will also have more sensitive consumer data to protect. Organizations must ensure that strong data security controls are in place to prevent unauthorized access – from monitoring data to detect suspicious activity, to encrypting sensitive data wherever it travels. Companies should also implement the right privacy policies on premise, and in the cloud, in order to maintain consumer trust.
“Put Security to the Test: with usage and reliance on digital platforms changing rapidly, companies should consider dedicated testing to ensure the security strategies and technologies they’ve relied on previously still hold up in this new landscape. Re-evaluating the effectiveness of incident response plans, and testing applications for security vulnerabilities, are both important components of this process.”
Good advice.
No comments:
Post a Comment