Make multi-factor authentication your new year’s resolution

Issue 1 2025 Information Security


Roger Britz.

With SA’s Information Regulator on record as saying the country suffered at least 150 data breaches a month in 2024, South Africans must make multi-factor authentication (MFA) the non-negotiable centrepiece of their personal cybersecurity new year’s resolutions.

Data breaches were up threefold in 2024 compared to 2023, notes Roger Britz, Customer Experience Catalyst at PerfectWorx Consulting. “Keeping personal data and online accounts safe pivots on MFA. Experts agree that implementing an additional layer of security to validate user identities can block 99,9% of automated cyberattacks, which are increasingly powered by artificial intelligence (AI),” says Britz.

Although creating multiple online accounts to access content has become common, Britz advises South Africans to resist the temptation to reuse passwords. “Bad actors are noticing our country, and cyberattacks are only going to increase over the next twelve months. We must not provide cybercriminals with the means to break into multiple accounts.”

Password protection is not enough. An additional layer of security is needed and concerned end users locally and overseas are now insisting that the organisations they interact with online implement MFA or two-factor authentication (2FA). Critically, a second authentication factor helps prevent access even if one’s password has been compromised.

MFA is a multi-step account login process requiring users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.

The factors that can be used for authentication can generally be split into three categories:

1. Knowledge factor – This is something the user will know that no one else knows. This could be the answer to a secret question like a pet’s name.

2. Possession factor – This is something that a user uniquely owns. An example of this would be physical devices like mobile phones. A notification can be sent to an authenticator application on the phone.

3. Inherence factor – This is something that is inherent to the user. Many mobile phones now allow fingerprint scanning or facial recognition as an authentication factor.

There are many options available for MFA, so it is important to do one’s homework. One option that brings many added features to the table is Cisco Duo, an MFA application from Cisco. It verifies user identities and - critically - their devices' health. Cisco Duo not only adds MFA, it also makes the user experience smoother and simpler by adapting authentication requirements based on risk level. It also adopts a Zero-Trust security stance, which assumes no user should be trusted by default.

Duo provides an easy-to-use, secure mobile authentication app for quick, push notification-based approval to verify a user’s identity with smartphone, smartwatch and security key support. Duo also offers a more secure Verified Duo Push option.

“As technology continues to grow, more and more sensitive data will be stored online in the cloud. It is, therefore, vital for businesses and individuals alike to see the coming new year as an opportunity to take all steps to ensure that their data is better secured by MFA. Remember, at the beginning of all online access is authentication,” concludes Britz.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.