× Business BUSINESS MOTORING SHIPPING & LOGISTICS DR PESA FINANCIAL STANDARD Digital News Videos Health & Science Lifestyle Opinion Education Columnists Moi Cabinets Arts & Culture Fact Check Podcasts E-Paper Lifestyle & Entertainment Nairobian Entertainment Eve Woman Travelog TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified Jobs Games Crosswords Sudoku The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS

Businesses still lax on identity protection amid rising attacks

By Mohamed El Nemr | Feb 15th 2022 | 2 min read
By Mohamed El Nemr | February 15th 2022

Cybercriminals have our passwords in their sights. [Courtesy]

What would you imagine your username and password are worth to a hacker?

According to the latest threat and data research, the average price for 1,000 stolen username/password pairs is around $0.97 (Sh109).

And securing 400 million username and password combinations in bulk will earn a cybercriminal around $150 (Sh16,950).

Cybercriminals have our passwords in their sights, especially in Africa where businesses are often more prone to cyberattacks than companies anywhere else in the world.

According to one report, Kenya ranked second in Africa, experiencing 28.3 million cyberattacks. South Africa ranked first with 32 million attacks.

With weak passwords, password spraying and phishing, the entry point for most attacks, identity is the new battleground of cyberthreats.

And for organisations looking to protect themselves, preventing an identity from being misused or stolen, is now the highest priority. According to the first edition of Microsoft’s new quarterly cyberthreat intelligence brief titled Cyber Signals, there has been low adoption of strong identity authentication, such as multifactor authentication and passwordless solutions.

Just 22 per cent of Microsoft’s Cloud Identity Solution, Azure Active Directory, users had implemented strong identity authentication protection as of December 2021.  Among the key recommendations for organisations looking to increase their level of security is through practices like multifactor authentication (MFA) and passwordless upgrades.

They can begin with privileged accounts to gain protection quickly, then expand from there.

The second is to prevent passwords from falling into the wrong hands by enabling MFA. You can take this a step further by eliminating passwords altogether and, at the same time, eliminating administrative privileges through passwordless MFA.

Though passwords are a prime target for attacks, they’ve long been the most important layer of security for everything in our digital lives. People are expected to create complex and unique passwords, remember them, and change them frequently.

But this is highly inconvenient, and nobody likes doing that. Ultimately, a passwordless future is a safer future. The third recommendation is to review account privileges regularly.

Privileged-access accounts, if hijacked, become powerful weapons attackers can use to gain greater access to networks and resources. Your security teams should audit access privileges frequently.

Share this story
Iraki: Why bailout of ailing State firms is counterproductive
Giving firms monopolies or raising tariffs to keep off competing products are other forms of subsidy.
BRT: Why local bus assemblers have no reason to smile
Requirement for capacity to supply electric or biodiesel-powered buses disqualifies Kenyan vehicle assemblers from lucrative tender that will now go t