Multi-factor authentication is critical

Issue 7 2021 Information Security

South African companies have responded admirably to the challenges of doing business in a pandemic with many accelerating their digital strategies and opening new channels for consumer engagement. Unfortunately, bad actors have also adapted exceedingly well, taking advantage of loopholes across different channels and using the opportunity to access poorly secured data. And, while business leaders have been focused on securing transactional data, in the longer term, compromised personal information can result in just as much damage as a breached bank account.


Wessel Matthee.

According to a Microsoft report, global consumers use an average of between three and five customer service channels when engaging with a brand. Securing each channel in the most appropriate way, that doesn’t inject too much friction into the user journey, while still providing sufficient security – even for non-financial data – is a growing challenge for global businesses. As PoPIA takes effect, this takes on an added complexity for local organisations.

In South Africa we don’t just have to secure our own information, companies must also ensure that they are monitoring their partners and conducting due diligence. Unfortunately, around 90 to 95% of companies don’t conduct this due diligence, leaving them vulnerable should a breach occur. Even if it was a third party that was breached, the company whose personal information was compromised will still be held accountable. Simple username and password access protocols are no longer enough when it comes to protecting data, even non-financial data.

While mobile network operators and financial service companies have applied authentication protocols for some time, when it comes to other sectors such as healthcare providers, this is often overlooked.

We love to share and it’s costing us dearly

South Africans are a friendly people. We love to share our triumphs and misfortunes and social media has given us the perfect platform to do this. The problem arises when we share information without thinking and that information falls into the wrong hands and is combined with data from compromised sites.

We have to understand that non-financial data is also valuable and can be ‘weaponised’ by fraudsters. Many organisations rely on knowledge-based authentication like security questions for access to their systems. For example, if a customer calls their bank or insurance company, the company has to make sure they are talking to the actual customer. To confirm this, they usually ask security questions, like your address or date of birth. The same is often true for access to online systems. But much of that information is already out there – either on social media or via a breach, making it very easy for fraudsters to impersonate a legitimate customer.

To mitigate this risk, it is vital that we become a lot more circumspect about what we share on social media. But it is also vital that all companies which hold personal information, such as medical aids, hospitals, legal firms and others make use of appropriate authentication.

The one sector which is significantly at risk is telecommunications and MNOs in particular. This was highlighted recently in the chaos surrounding the T-Mobile breach where 40 million customers had personal information stolen.

If you breach an MNO you have access to a multitude of valuable data. You have access to personal information and you can steal payment information as well as security information. The fallout from this could be very costly.

Customers have lost trust and want more control

The spike in data breaches over recent years has given many customers reason to be mistrustful of how their information is stored and protected. In fact, research shows that consumers' attitudes to a ‘friction-free’ experience may be changing and they would now prefer to verify transactions before funds leave their account. While this attitude is more prevalent with older customers, it is still a fairly contrarian position and shows just how guarded we have become when it comes to trusting brands to protect our data.

The growing pressure to secure non-financial data, not only as a result of PoPIA, but also due to the increasing expectations from the general public has resulted in a significant spike in interest in authentication solutions.

We have seen a 50% spike in enquiries from non-financial companies in the last year. The healthcare sector in particular is waking up to just how at risk they could be if they can’t show they have taken all reasonable precautions to safeguard personal information. The need for excellent multi-factor authentication is even more important when companies begin participating in ecosystems and exchanging data with third parties. Passwords and knowledge-based questions will not cut it and companies found wanting will have a hard time trying to convince a judge they had done enough, should they be breached. Not to mention the catastrophic loss of trust from their customers, which in today’s world is a currency all of its own.

About Entersekt

Entersekt is a leading provider of strong device identity and customer authentication software. Financial institutions and other large enterprises in countries across the globe rely on its multi-patented technology to communicate with their clients securely, protect them from fraud and serve them convenient new experiences irrespective of the channel or device in use. They have repeatedly credited the Entersekt Secure Platform with helping to drive adoption, deepen engagement and open opportunities for growth, all while meeting their compliance obligations with confidence.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.