In this new, short series, a number of cybersecurity experts are providing their thoughts to Digital Journal about what the post-COVID-19 world will look like. This is the second in the series. In the first article, we heard from DivvyCloud by Rapid7’s Chris DeRamus, who is the VP of Technology, Cloud Security Practice.
READ MORE: Security predictions: Where are we heading?
For this second piece, commentary comes from Jumio, Robert Prigge, CEO.
Passwords will become extinct much faster than predicted
According to Prigge, how security is undertaken is going to change considerably. Prigge tells us: “As the COVID-19 pandemic pushed more of us to self-isolate, Zoom became the go-to teleconferencing platform. In fact, Zoom went from 10 million daily meetings in December to 300 million today.”
However, this will cost Prigge says: “Unfortunately, this surge in popularity came with a price tag — a lack of data privacy. Now, there are over 500,000+ stolen Zoom logins floating around the dark web for just .002 cents each. And this is just opening the door for account takeover (ATO) attacks via credential stuffing — a type of cyberattack where automated bots use those stolen account credentials to gain unauthorized access to user accounts.”
This impacts across a number of systems: “And Zoom is not alone. We’ve also seen a rash of account takeover attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP), striking millions per week.”
Prigge also expands on the risks: “With data collected and sold on the dark web containing usernames and passwords from past breaches, and internet users often recycling the same login credentials across multiple platforms, cybercriminals have all of the tools they need to impersonate a user’s identity online. This means that if your online account is only protected by a username and password, then you’re likely going to be an ATO target. As a result, password-based authentication, multi-factor authentication (2FA) and knowledge-based authentication (KBA) will be a thing of the past much sooner than previously anticipated, and businesses will look to more sophisticated and secure login options for current and prospective users.”
Telemedicine will open up new threat vectors for fraud
Telehealth is set to become a major growth area, according to Prigge: “Given the health concerns involved with physically visiting a doctor or hospital during COVID-19, patients have been urged to stay home unless symptoms are considered severe. Because of this, telemedicine has been the most viable resource for those seeking medical counsel during this time. Unfortunately there have also been over 3,000 healthcare-related breaches that have impacted more than 500 million medical records in the past decade, a trend that has been escalating year-over-year.”
This brings with it security concerns: “Due to the high amount of personal information, medical records command a high value on the dark web and can be listed for up to $1,000 each, 10 times more than the average credit card data breach record. Cybercriminals can then easily obtain this information and impersonate legitimate patients.”
The significance is with the value of this data to hackers. Here Prigge says: “This stolen information can also be used to obtain free medical or dental care. Because of this, CIOs will scramble to ensure procedures are in place so that doctors know their patients are who they say they are —and this is the domain of the emerging field of Know Your Patient (KYP). This means healthcare provider organizations need to adopt identity safeguards similar to the Know Your Customer (KYC) regulations adopted by the financial service industry.”
