Page 20 - EngineerIT March 2022
P. 20
CYBER SECURITY
Cyberthreats in South Africa are
rising, but businesses still lack strong
identity protection
By Colin Erasmus, Modern Workplace and Security Business Group Lead at Microsoft South Africa
Microsoft’s threat and data research shows just 22 percent of cloud identity solution and Azure
active directory users have implemented strong identity authentication protection
hat would you imagine your user name and password are worth to a hacker?
According to Microsoft’s latest threat and data research, the average price
Wfor 1,000 stolen user name password pairs is around $0.97 or R15. What’s
more, securing 400 million user name and password combinations in bulk will earn a
cybercriminal around $150 or R2300.
There can be little doubt, cybercriminals have our passwords in their sights. This is
particularly the case in the Middle East and Africa (MEA) where businesses are often more
prone to cyberattacks than companies anywhere else in the world. In fact, 54 percent of
African CEOs are very concerned about the fast-evolving nature of cyberthreats.
With weak passwords, password spraying, and phishing the entry point for most
attacks, identity is the new battle ground of cyberthreats. And for organisations looking
to protect themselves, preventing an identity from being misused or stolen is now the
highest priority. As part of the first edition of Cyber Signals, Microsoft’s new quarterly
cyber threat intelligence brief, we take a closer look at the dangers of the rising mismatch
in scale of identity-focused attacks in relation to levels of organisational preparedness.
The brief, which offers an expert perspective into the current threat landscape, aims
to be a valuable resource to chief information security officers as they navigate the Colin Erasmus
constantly changing threat landscape. Cyber Signals aggregates insights we see from our
research and security teams on the frontlines, including analysis from our 24 trillion The right multifactor authentication (MFA)
security signals combined with intelligence we track by monitoring more than 40 nation- and password-less solutions can go a long
state groups and 140 threat groups. way in preventing a variety of threats.
The newly released research shows that though threats have been rising fast over In fact, according to Cyber Signals, basic
the past two years, there has been low adoption of strong identity authentication, such security hygiene still protects against 98
as multifactor authentication and password-less solutions. In fact, just 22 percent of percent of attacks. Key recommendations
Microsoft’s cloud identity solution and Azure active directory users had implemented for organisations looking to increase their
strong identity authentication protection as of December 2021. level of security include:
However, the consequences of a data breach are now top of mind for 50 percent of
companies in South Africa, according to current Microsoft-IDC research. In fact risk experts Implement zero trust to reduce risk
across MEA rank cyber incidents as the second highest risk facing the region, largely Nation-states play the long game and have
because of the increase in both size and expense of data breaches. the funding, will and scale to develop
This is helping push organisations across the region to pay closer attention to new attack strategies and techniques.
digital identities. As it stands, confirming user identities with an additional layer Your security team should prioritise
of security will be a key priority over the next 6 to 18 months for 49 percent of implementing zero-trust practices like MFA
businesses in South Africa. and password-less upgrades as part of
Recognising the danger that comes with remote work and increased digitisation, a security baseline. They can begin with
another 61 percent of companies in South Africa are actively investing in identity and privileged accounts to gain protection
access management. quickly, then expand from there.
EngineerIT | March 2022 | 18
