COVID-19 Pandemic Amplifies Password Security Flaws

The COVID-19 epidemic has ushered in a new era of attacks on remote workers and amplified the problem with using passwords for authentication.

The COVID-19 pandemic has amplified password security flaws, with 1 in 3 people falling victim to phishing attacks. In the first quarter of 2020, 854,441 confirmed phishing and counterfeit pages and 4 million suspicious pages were detected, according to data released by Bolster, a fraud prevention company.

A Capterra report reveals that, since the lockdown started, a third of respondents have fallen victim to phishing emails – 45% of which were related to coronavirus – which hackers use to steal passwords. The report also found that a third of respondents use identical passwords, with employees often sharing passwords with colleagues, as well as between personal and business accounts.

Capterra has published a study to reveal the threat of phishing scams and weak password security since the pandemic began, echoing the U.K. Government’s recent warning. Gartner forecasts that by 2022, 60% of businesses will have cut their reliance on passwords by half.

Remote Working Triggers Rise In Attacks

An increasing number of people have shifted to working remotely and many hackers have been taking advantage of the new and less established working practices by pretending to be customers or suppliers to trick employees.

Yoav Keren, the CEO of BrandShield, says there has been an increase in creating phishing sites impersonating a company's home page or company internal portal.  

“These are often combined with scams which include impersonation on social media platforms or phishing emails to trick employees into giving money away, such as fake invoices,” Keren told Benzinga in a recent interview.

This is a significant threat that most companies are not prepared for. Customers are also more exposed to scams and financial fraud, as many more transactions are now performed online.

COVID-19 Pandemic Acting As Catalyst

James Stickland, CEO of Veridium, believes the global crisis is acting as a catalyst, forcing firms to innovate stronger authentication technology, such as biometrics, to protect their most valuable assets.

“Capterra’s findings demonstrate the extent to which businesses and employees worldwide are battling with password security, which is directly linked to the high number of phishing attack victims and rising fraud,” says Stickland.

COVID-19 Poses Biggest Ever Cybersecurity Threat

Stickland explains, “Covid-19 is now posing the biggest-ever cybersecurity threat, causing phishing attacks to rise over 600% since February, as malicious actors trick users via fake coronavirus alerts. This is forcing businesses to rethink and overhaul their security strategies in an increasingly vulnerable landscape.”

Passwords are also now widely being recognised as an outdated, easily compromised method of authentication, accounting for over 80% of data breaches.

"Millions use the same password for multiple logins, leaving valuable personal data at risk. This isn’t surprising – employees must remember approximately 27 passwords, putting them under considerable strain," says Stickland.

Veridium estimates that enterprises with 10,000 employees spend on average $100 per user each year to manage password resets, amounting to a staggering $1.9 million, as well as significantly decreasing productivity across all departments.

James concludes: “Now that millions of employees are working from home, companies are waking up to the weakness of passwords. As a result, more and more organisations are turning towards passwordless, multi factor biometric authentication to mitigate against increasingly sophisticated cyber threats, whilst enhancing the user experience.”


Bolster released its "Q1 2020 State of Phishing and Online Fraud Report: COVID Edition." The company says it analyzed over 1 billion websites to provide an audit of how phishing and online fraud is affecting enterprises, SMBs, nonprofits and the online consumer community.

Stimulus checks and loans have brought out the hackers: Bolster found over 145,000 suspicious domain registrations with "stimulus check" in them.

“The number of websites that claim to offer small business loans jumped 130 percent from February to March. Hackers spun up 60,707 banking websites to attempt to siphon off stimulus funds,” says Bolster.

Eliminate Passwords

One way to tackle the issue is by eliminating the need for passwords. Veridium has an authentication platform which enables companies to secure identity and privacy in an all-digital world by proving you are who you say you are with biometrics and your smartphone. It uses technology such as its vFace or 4 Fingers Touchless ID to ensure compliance, whilst also providing a convenient, secure experience.

Veridium's authentication platform and proprietary biometrics provide strong authentication, eliminating the need for passwords, tokens, or PINs – delivering multi-factor security with single-step convenience at a lower total cost of ownership than traditional MFA solutions.

The awesome image used in this article is called Ultraviolet Warlock and was created by Ben Smith.