Multi-factor authentication is critical

Issue 7 2021 Cyber Security

South African companies have responded admirably to the challenges of doing business in a pandemic with many accelerating their digital strategies and opening new channels for consumer engagement. Unfortunately, bad actors have also adapted exceedingly well, taking advantage of loopholes across different channels and using the opportunity to access poorly secured data. And, while business leaders have been focused on securing transactional data, in the longer term, compromised personal information can result in just as much damage as a breached bank account.

Wessel Matthee.

According to a Microsoft report, global consumers use an average of between three and five customer service channels when engaging with a brand. Securing each channel in the most appropriate way, that doesn’t inject too much friction into the user journey, while still providing sufficient security – even for non-financial data – is a growing challenge for global businesses. As PoPIA takes effect, this takes on an added complexity for local organisations.

In South Africa we don’t just have to secure our own information, companies must also ensure that they are monitoring their partners and conducting due diligence. Unfortunately, around 90 to 95% of companies don’t conduct this due diligence, leaving them vulnerable should a breach occur. Even if it was a third party that was breached, the company whose personal information was compromised will still be held accountable. Simple username and password access protocols are no longer enough when it comes to protecting data, even non-financial data.

While mobile network operators and financial service companies have applied authentication protocols for some time, when it comes to other sectors such as healthcare providers, this is often overlooked.

We love to share and it’s costing us dearly

South Africans are a friendly people. We love to share our triumphs and misfortunes and social media has given us the perfect platform to do this. The problem arises when we share information without thinking and that information falls into the wrong hands and is combined with data from compromised sites.

We have to understand that non-financial data is also valuable and can be ‘weaponised’ by fraudsters. Many organisations rely on knowledge-based authentication like security questions for access to their systems. For example, if a customer calls their bank or insurance company, the company has to make sure they are talking to the actual customer. To confirm this, they usually ask security questions, like your address or date of birth. The same is often true for access to online systems. But much of that information is already out there – either on social media or via a breach, making it very easy for fraudsters to impersonate a legitimate customer.

To mitigate this risk, it is vital that we become a lot more circumspect about what we share on social media. But it is also vital that all companies which hold personal information, such as medical aids, hospitals, legal firms and others make use of appropriate authentication.

The one sector which is significantly at risk is telecommunications and MNOs in particular. This was highlighted recently in the chaos surrounding the T-Mobile breach where 40 million customers had personal information stolen.

If you breach an MNO you have access to a multitude of valuable data. You have access to personal information and you can steal payment information as well as security information. The fallout from this could be very costly.

Customers have lost trust and want more control

The spike in data breaches over recent years has given many customers reason to be mistrustful of how their information is stored and protected. In fact, research shows that consumers' attitudes to a ‘friction-free’ experience may be changing and they would now prefer to verify transactions before funds leave their account. While this attitude is more prevalent with older customers, it is still a fairly contrarian position and shows just how guarded we have become when it comes to trusting brands to protect our data.

The growing pressure to secure non-financial data, not only as a result of PoPIA, but also due to the increasing expectations from the general public has resulted in a significant spike in interest in authentication solutions.

We have seen a 50% spike in enquiries from non-financial companies in the last year. The healthcare sector in particular is waking up to just how at risk they could be if they can’t show they have taken all reasonable precautions to safeguard personal information. The need for excellent multi-factor authentication is even more important when companies begin participating in ecosystems and exchanging data with third parties. Passwords and knowledge-based questions will not cut it and companies found wanting will have a hard time trying to convince a judge they had done enough, should they be breached. Not to mention the catastrophic loss of trust from their customers, which in today’s world is a currency all of its own.

About Entersekt

Entersekt is a leading provider of strong device identity and customer authentication software. Financial institutions and other large enterprises in countries across the globe rely on its multi-patented technology to communicate with their clients securely, protect them from fraud and serve them convenient new experiences irrespective of the channel or device in use. They have repeatedly credited the Entersekt Secure Platform with helping to drive adoption, deepen engagement and open opportunities for growth, all while meeting their compliance obligations with confidence.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber attackers used over 500 tools and tactics in 2022
Cyber Security News
The most common root causes of attacks were unpatched vulnerabilities and compromised credentials, while ransomware continues to be the most common ‘end game’ and attacker dwell time is shrinking – for better or worse.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Recession or stress?
Cyber Security News
The economic landscape has seen many technology companies lay off vast numbers of employees, but for cybersecurity, the picture looks very different – a dynamic mixture of excitement, challenges and toxicity.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

NEC XON appoints Armand Kruger as Head of Cybersecurity
News Cyber Security
NEC XON has announced the appointment of Armand Kruger as the Head of Cybersecurity. Kruger will oversee all cybersecurity offerings including cybersecurity strategy, programmes, and executive advisory.

Caesar Tonkin new head of cybersecurity business, Armata
News Cyber Security
Vivica Holdings has announced the appointment of cybersecurity expert Caesar Tonkin to head up its cybersecurity business Armata, which provides technology solutions and niche expertise needed to help businesses better protect themselves.

Surveillance-free surfing
News Cyber Security Products
Zoho has launched Ulaa, a privacy-centric browser built specifically to help users secure their personal data and activity by providing a browser solution that universally blocks tracking and website surveillance.

Troye and Arctic Wolf join forces
News Cyber Security Security Services & Risk Management
Troye has announced a strategic partnership with Arctic Wolf to enable Troye to provide customers with enhanced cybersecurity solutions and services that help protect their businesses from advanced cyber threats.

Relaxed home cybersecurity could render consumers accidental ‘inside actors’
Editor's Choice Cyber Security Smart Home Automation
Cisco security experts warn of snowball impact of relaxed approach to cybersecurity on personal devices, noting 60% of users primarily use their personal phone for work tasks and 76% have used unsecured public networks for work tasks.

VMware unveils new security capabilities
Cyber Security IT infrastructure Products
At the RSA Conference 2023, VMware unveiled enhanced features for its suite of security solutions to address the increasing sophistication and scale of cyberattacks and to deliver strong lateral security across multi-cloud environments.