3 key takeaways from our consumer and risk trends report
Cybersecurity professionals have had their work cut out for them during the pandemic.
In the second half of 2021, consumers flocked online to shop for the holidays, communicate with their banks, purchase event tickets, and more. In all of these online interactions, consumers expect both a streamlined user experience and high security standards. But the rapid rise in online traffic has made providing both elements a tall task.
To help businesses navigate these new expectations, our team used insights from our global platform to compile the Consumer and Risk Report. The report details how changes in digital customer experiences manifest in various industries and offers guidance on how companies can provide a seamless user experience while mitigating common cybersecurity risks in 2022 — and beyond.
Here are the most important takeaways from the Consumer and Risk Trends Report.
1. User experience is king (and that won’t change)
Consumers expected smooth digital experiences across all industries based on the data from the second half of 2021. More and more consumers digitized their day-to-day lives, with a 24% year-over-year increase in overall eCommerce traffic and a 12% year-over-year increase in digital banking traffic. For today’s users, the ease of online interactions is vital — more than three-quarters of consumers are more likely to recommend a brand because of the experience.
The challenge is providing an exceptional user experience while also improving online security since many traditional security measures create added friction. For example, adding authentication steps like a two-factor authentication (2FA) prompt or text code can turn trusted users away because it detracts from the user experience.
Achieving the right balance isn’t easy, but deploying device intelligence and collecting behavioral insights can help. These tools reduce friction for trusted users without jeopardizing customer security. More intelligent and layered security measures mean companies no longer have to choose between improved security standards and a high-quality user experience.
2. Sophisticated attacks still pose a major threat
Fraudsters increasingly rely on sophisticated attacks that imitate human behavior to fool common bot-detection tools that focus solely on device IDs and fingerprints. These can be difficult to track, especially when 40% of sophisticated attacks use clean IPs that aren’t associated with suspicious activity. These attacks can also manifest using automated scripts that mimic human typing or workers at human farms that can easily bypass authentication challenges, like CAPTCHAs.
The pandemic led to a rise in sophisticated attacks — they made up 47% of attacks across all industries in 2021. As sophisticated attacks become more common, companies should invest in behavioral tools that go beyond spotting basic bot behavior. The right behavioral tools help companies identify signs of a sophisticated attack and shut it down before it’s too late.
3. Success rate of credential stuffing has dropped to pre-pandemic levels, but remains a challenge
In our H1 2021 report, we broke down how a wave of new online users led to more attackers using phishing schemes to harvest high-quality credentials. Many of these new users were unfamiliar with common signs of a phishing scheme and attackers didn’t hesitate to take advantage of it. However, as new digital users have grown more comfortable being online, phishing attacks have become less effective. In H2 2021, 1.7% of credentials used in login attack attempts were correct — a significant drop from 9.9% in H1 2021.
Although this is encouraging progress, the threat of phishing attacks is still very real. A single attack can easily include hundreds of thousands of login attempts, which means even just 1.7% of correct credentials can compromise 17,000 accounts. To mitigate risk, companies must continue to track credential data to better anticipate future attack patterns and understand where cybercriminals have identified weaknesses in their defenses. For example, a high volume of failed login attempts coming from mobile users may indicate an attack through this channel and underscore the need to revisit mobile security measures.
Ultimately, device intelligence and behavioral security practices add layers of protection beyond user credentials, whether these have been stolen through phishing attacks or other ploys. It’s easier to spot bad actors armed with valid credentials when organizations are also taking note of where and when these personal identifiers are being used, as well as whether inherent behaviors (e.g., typing pattern, cadence, mouse movements, etc.) deviate from expected patterns.
Increased digital traffic and rising customer expectations present challenges for cybersecurity professionals and the businesses they protect. By understanding attackers’ tactics and the evolving expectations of good users, companies are better equipped to respond with risk mitigation practices that ensure high-quality user experiences. And when user experience is king, trusted users are satisfied (and safe).
The NuData Consumer and Risk Report provides companies with insights they can use to navigate today’s changing cybersecurity landscape — whether you’re preparing for 2022 cybersecurity attacks, the 2022 holiday season, or your post-pandemic strategy. Download the full report to learn more.