Rapid digital growth catalyzed by the pandemic has pushed consumers online. But global user cybersecurity awareness is still an issue. (Photo by Paul ELLIS / AFP)

Rapid digital growth catalyzed by the pandemic has pushed consumers online. But global user cybersecurity awareness is still an issue. (Photo by Paul ELLIS / AFP)

Consumer cybersecurity awareness still low, businesses should step up – IBM Security

Cybersecurity awareness by global consumers is still concerningly low, according to a new survey by IBM Security. This trend will greatly impact businesses relying on digital engagement to consider how this will affect their cybersecurity risk profiles.

The global Covid-19 pandemic has undoubtedly pushed most of the world to digitalize their work and personal habits. This has resulted in a surge of demand and adoption of online services, be it in the consumption of entertainment or products, as well as within the workplace.

The survey, titled ‘IBM Consumer Survey: Security Side Effects of the Pandemic, was carried out by Morning Consult on behalf of IBM Security. It polled 22,000 individuals around the world on their online security habits, and the results are rather concerning. 

Cybersecurity awareness trends

The findings show that across all categories polled, respondents in the Asia Pacific (APAC) fare a little worse than the global average on personal cybersecurity and data privacy habits. It was found that an average of 17 (global: 15) new online accounts were created for each respondent from APAC. 39% (global: 44%) have indicated that they do not plan to delete or deactivate any new accounts even if the pandemic is over.

Despite the risk of potentially insecure apps/websites, 54% (global: 44%) of APAC respondents would still proceed with ordering and paying for digital orders as opposed to purchasing at a physical location. Worryingly, 86% (global: 82%) of respondents admit that they re-use the same credentials across multiple online accounts. 69% (global: 63%) of respondents also accessed COVID-related services via digital channels, such as mobile apps, websites, email, and text messages. 

The survey found that consumers want faster and more convenient digital interactions, and most prefer to spend less than five minutes creating a new account. Furthermore, it was found that users on average would make around three password attempts before resetting their login details, which can be costly for companies. 

For APAC users, 47% memorize their login credentials, whereas 34% write them on paper, increasing security risks. Organizations can use this knowledge to suggest that users utilize a password manager app to ease logins. These are some of the aspects organizations can consider when designing systems for data collection or logins whilst focusing on security.

Cybersecurity awareness not just a consumer effort

IBM Security suggests four key approaches that businesses can consider:

1. Adopting a ‘ZeroTrust’ security approach

Speaking to Tech Wire Asia, Managing Director of IBM Malaysia Catherine Lian noted that one of the biggest takeaways here is that companies can no longer rely on passwords as a primary method to establish “trust” with users. As such, a ‘zero-trust’ security approach would fare better, as it assumes that an authenticated identity, or the network itself, may already be compromised (even if they aren’t). 

This translates into having a ‘security-first perspective’ when it comes to handling every user, device, and interaction. By unifying security data and approaches, the use of technology like AI will continuously validate conditions for connections between users, data, and resources which can help spot the differences between legitimate users and potential cybercriminals. 

2. Modernizing Consumer Identity and Access Management (CIAM)

A modernized CIAM strategy can efficiently and effectively help companies increase digital engagement. This can provide behavioral user analytics, plus users will experience a more seamless experience across multiple digital platforms. It can also cut down on fake profiles/accounts created by detecting them using perhaps artificial intelligence (AI) or machine learning (ML) technologies.

3. Enhancing Data Protection & Privacy

The increase in users translates into higher amounts of sensitive data. Companies should ensure that they have strong data security features (both local and cloud) to prevent unauthorized access from data monitoring to detecting suspicious activity. 

Strong data encryption is highly critical for all organizations and companies, big or small. Additionally, companies should implement ethical and appropriate data privacy policies in order to build and maintain consumer trust.

4. Increasing security testing

Businesses can re-evaluate the effectiveness of incident response plans, and testing applications for security vulnerabilities, both of which are important components of this process. Investing in dedicated testing with more modern approaches such as breach and attack simulations (BAS) instead of penetration testing is also viable.

What does this mean for businesses?

In the pursuit of digital convenience, cybersecurity awareness and data privacy have taken a backseat for many participants.

“It’s important to remember that these poor security habits amongst consumers will also likely transfer to the workplace and employees – therefore putting the right controls and analytics in place to ensure only the right people have access to the specific data needed for their job, for a specific and limited duration of time”, said Lian. 

She suggested that organizations consider offsetting password reliance with options for alternate forms of authentication such as biometrics and authenticator apps – which can help add an additional level of security, without compromising the user experience. 

This wouldn’t be too difficult to implement since the survey found that over two-thirds of APAC users are aware of and use multi-factor authentication, which can greatly help the user should their account be compromised.

The lowered awareness of cybersecurity and data privacy by users suggest that businesses that reach their customers digitally will have to reconsider their cybersecurity efforts and take these into account when strategizing and assessing their cybersecurity risk profiles.