Breaches in security and fraud have been a hot topic for some time now. According to recent news, a Cyber Security Agency of Singapore (CSA) survey showed that between 50 and 70 percent of Singaporean respondents either did not change their passwords or did so only when prompted by their different online accounts.
The introduction of two-factor authentication (2FA) isn’t the penultimate answer to this predicament, in fact, some quarters believe having more than two authentication processes for security isn’t a bad idea. But in many cases, even 2FA is not practised. This is irresponsible and endangers our personal information and, in some cases, our payment details.
Cyber Security Asean spoke to Eric Dadoun, Twizo’s lead digital security and encryption, to discuss issues concerning the lack of security practices. Eric started his first startup when he was just 17 years old and is now both an investor and an entrepreneur based in Singapore. Twizo looks to address this issue from both the consumer and enterprise standpoint by making authentication and security a simple solution for a big problem. They plan to bring it into messaging services too (WhatsApp, SMS, Telegram, etc.) and implement security measures into other existing digital services.
“Cyber security is something that we all struggle with,” he explains. “It is becoming a more digitised world. Our data is becoming increasingly stored online. Frankly speaking, as we move forward with technological development, (the cyber threat) is going to be magnified. Taking cyber security seriously is critical. Now and even more so in the future.”
Eric believes that 2FA is one mode of security that can prevent people from becoming victims of online threats. However, it seems that even though the threats are increasing, people seem to be nonchalant about their own security and online presence.
Eric shares why he sees this happening. “I believe that comes down to a variety of things, in terms of services that are available in the market as well as general human behaviour. I believe on the human behaviour side, a lot of us tend to have the ‘it won’t happen to me’ type of mentality. And that’s not just with respect to cyber security, but that is with respect to a lot of potential dangers we face in our lives.”
Eric shares that in the same way that we have offline practices of getting insurance and protection in different areas of our lives, it is important to think about protection online and get out of the ‘that won’t happen to me mentality’ in order to reduce the risk of becoming a victim of cyber crime.
The other reason for 2FA not being used is from the service side. Eric says that from the service perspective, 2FA isn’t always easy to integrate and can be costly. Therefore, implementing it into a business or for individual use isn’t necessarily a feasible option.
“When you look at simplicity and ease of use of service, from service providers in the two-factor authentication space, we think there is a lot left to be desired there. We feel 2FA needs to be made simple for consumers to engage in. We feel it needs to be made simple for enterprises to integrate with, and we think that it needs to be cost-effective – lowering the barrier to entry as much as possible. We definitely feel that’s the gap in the market currently."
He also feels there is a pressing need for education of the masses in understanding cyber security. Due to the lack of awareness and understanding of the need to secure personal and business information, the lack of security protocols is obvious. Once there is better education on this, and services more catered to the needs of the people, 2FA would be a natural part of security integration for all security purposes.