Businesses still lax on identity protection amid rising attacks

What would you imagine your username and password are worth to a hacker?

According to the latest threat and data research, the average price for 1,000 stolen username/password pairs is around $0.97 (Sh109).

And securing 400 million username and password combinations in bulk will earn a cybercriminal around $150 (Sh16,950).

Cybercriminals have our passwords in their sights, especially in Africa where businesses are often more prone to cyberattacks than companies anywhere else in the world.

According to one report, Kenya ranked second in Africa, experiencing 28.3 million cyberattacks. South Africa ranked first with 32 million attacks.

With weak passwords, password spraying and phishing the entry point for most attacks, identity is the new battleground of cyberthreats.

And for organisations looking to protect themselves, preventing an identity from being misused or stolen is now the highest priority. According to the first edition of Microsoft’s new quarterly cyberthreat intelligence brief, titled Cyber Signals, there has been low adoption of strong identity authentication, such as multifactor authentication and passwordless solutions.

Just 22 per cent of users of Microsoft’s cloud identity solution, Azure Active Directory, had implemented strong identity authentication protection as of December 2021. Among the key recommendations for organisations looking to increase their level of security is adopting practices like multifactor authentication (MFA) and passwordless upgrades.

They can begin with privileged accounts to gain protection quickly, then expand from there.

The second is to prevent passwords from falling into the wrong hands by enabling MFA. You can take this a step further by eliminating passwords altogether and, at the same time, eliminating administrative privileges through passwordless MFA.

Though passwords are a prime target for attacks, they’ve long been the most important layer of security for everything in our digital lives. People are expected to create complex and unique passwords, remember them, and change them frequently.

But this is highly inconvenient, and nobody likes doing that. Ultimately, a passwordless future is a safer future.

The third recommendation is to review account privileges regularly. Privileged-access accounts, if hijacked, become powerful weapons attackers can use to gain greater access to networks and resources. Your security teams should audit access privileges frequently.