Cyber resilience in a post-COVID world
Jul 8, 2020

It is no longer a question of if you get attacked, but when you get attacked.

As the region emerges from the COVID-19-inflicted lockdown and eases into recovery, lives will remain somewhat virtual – work from home will continue to be the default modus operandi for most, shopping online or “click and collect” where possible remains the official recommendation, and even rallies for the upcoming Singapore election will be held online.

We believe the current uptrend in online shopping is set to continue even after countries relax restrictions[1]. As more businesses continue to move their operations and stores online to meet the demands of the “new normal”, cybercriminals are also eager to capitalise on this shift. According to a report from Google[2], there was a 350% increase in active phishing websites from January to March this year.

Emerging threats

While phishing and malware remain ever popular, the mobile first regions are seeing adoption in attack techniques as well. An example is smishing, a form of phishing that involves a text message. This can be particularly onerous because sometimes people tend to be more inclined to trust a text message than an email. Hackers are leveraging technology advancements in artificial intelligence (AI) powered cyberattacks, where they automated certain attacks or are better able to bypass company defences for example to reach executives in spear phishing campaigns. Criminals also increasingly employ digital payment fraud, where they use stolen credit card credentials to make purchases online. For instance, PayPal observed an increase of more than 250% in the amount of phishing attempts between Q1 and Q2 of 2020.

Collaborating to safeguard against cyber crime

Despite evolving threats, it remains just as crucial to maintain basic cyber hygiene. For businesses, a key step that continues to be frequently overlooked is educating employees on the warning signs to look out for. For instance, emails, texts and social media messages which may compromise systems or try to obtain confidential information, keeping systems patched and updating software in a timely manner, and following best practices like multi-factor authentication while working from home.

Combating threats in an e-commerce context goes beyond expecting consumers to be able to spot them. Instead, it is a shared responsibility between merchants, their payments partner, the regulator, and customers – from regulators requiring strong cyber hygiene, to the industry investing in innovation to develop a trusted online commerce ecosystem. A collaborative effort in the form of public and private partnership is needed to ensure that legislation is able to protect while fostering an environment where technology-enabled products and services continue to advance.

A continuous effort towards keeping transactions safe

As cybercrime becomes more sophisticated, enterprises have to partner with the providers that besides providing the desired service also practise strong cyber hygiene to protect the business and its entire supply chain.

At PayPal, we believe the onus is on us to keep our customers one step ahead with fast, seamless, and trusted transactions. Our approach towards securing digital transactions for merchants and shoppers combines machine learning, deep data mining and analytics, with the addition of human oversight to get a more accurate picture of a fraud situation, allowing us to respond swiftly and accurately.

From AI and machine learning, to blockchain and quantum computing, we continuously evaluate new tools and technologies. Not only does this improve the digital payments experience, but more importantly, it helps to keep our systems secure, and enables us strengthen the trust of our customers around the world.


Looking for PayPal Stories? Click to search archive.