The increased reliance on digital tools and poor cyber security hygiene by individuals and businesses in Singapore are leaving gaping holes for cyber criminals to exploit.
This lax approach to security, combined with rapid digital transformation by businesses during the pandemic, is providing attackers with further ammunition to propagate cyber attacks – from ransomware to data theft, said IBM Security in a survey examining digital behaviours during the pandemic and the impact on cyber security.
With society increasingly accustomed to digital-first interactions, the global study found that preferences for convenience often outweighed security and privacy concerns amongst individuals surveyed – leading to poor choices around passwords and other cybersecurity behaviours.
Lax passwords and preference for convenience over security
The survey identified the following effects of the pandemic on consumer security behaviours in Singapore:
- The surge in digital accounts led to lax password behaviours amongst Singaporeans surveyed, with 45% of respondents admitting to reusing credentials mostly or always re-use the same credentials they have used for other accounts, and 29% have an even mix of re-used credentials and new credentials.
- GenZers (52%) and respondents under 35 (51%) are more likely to be re-using the same credentials across accounts. This means that many of the new accounts created during the pandemic likely relied on reused email and password combinations, which may have already been exposed via data breaches over the past decade.
- At the same time, nearly half (47%) said they do not plan to delete or deactivate any of the new accounts they created during the pandemic after society returns to pre-pandemic norms. These consumers will have an increased digital footprint for years to come, greatly expanding the attack surface for cybercriminals.
- Over a third (34%) surveyed would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy.
With these users more likely to overlook security concerns for the convenience of digital ordering, the burden of security will likely fall more heavily on companies providing these services to avoid fraud.
Poor personal security behaviour carried into the workplace
According to IBM Security, bad personal security habits may also carry over to the workplace and can lead to costly security incidents for companies, with compromised user credentials representing one of the top root sources of cyber attacks reported in 2020.
“Like other countries across the globe, Singapore was propelled by the pandemic into a digital-first interaction for nearly every facet of life and it continues to shape our day-to-day interactions. From groceries, banking, social interactions to even healthcare services for COVID-19, consumers are demonstrating a sophisticated command of digital tools,” Matthew Glitzer, Vice President, IBM Security, APAC.
“As a result, businesses are increasingly reliant on digital channels for customer engagement and service delivery, greatly increasing their cybersecurity risks. Organisations are actively looking for advanced tools, leveraging AI and analytics, to modernise their Identity and Access Management platforms to provide a frictionless user experience across digital platforms while creating a stronger security posture and limiting potential risk.
“To assure the greatest levels of security, adopting a ‘Zero-trust’ approach, developing and understanding context around every user, every device and every interaction is mission critical.”
IBM said Singaporean respondents shifted further into digital interactions during COVID-19, and in most instances say they will continue to rely on digital interactions in life after the COVID-19 pandemic compared to prior.
While websites/web apps were the most common method of digital engagement, mobile apps and phone calls also received significant usage.
The global study survey polled 22,000 individuals in 22 markets, and was conducted by Morning Consult on behalf of IBM Security.