'Business cannot rely solely on 2FA'

Staff Writer
By Staff Writer
Johannesburg, 13 Feb 2023
Martin Potgieter, co-founder and technical director of Nclose.
Martin Potgieter, co-founder and technical director of Nclose.

Research into the cyber security market in 2022 is proof enough that businesses will have to prepare for the worst in 2023 says Martin Potgieter, CIO at Nclose.

Potgieter refers to market research from Statista. “In 2022, the number of data breaches went up by 167% in the third quarter compared with the second, and the average cost of a data breach rose to $9.44 million, up from $9.05 million in 2021. These numbers from Statista paint a picture of security threat and risk that organisations cannot afford to ignore.”

Fortunately, companies are now paying attention, says Potgieter.

“Organisations have stopped thinking that the attacks are going to happen to someone else and started to think about how to put defences in place. It used to be very difficult for security teams and professionals to get through to decision-makers. Now, people are listening, and they are asking the right questions – how can they embed security? What security is the best fit for their business? And, how can they train their people?”

This is a good step in the right digital direction, particularly in light of how the other trends for 2023 cyber security are shaping up, Potgieter says.

Hackers have found smart ways of bypassing two-factor authentication (2FA).

Martin Potgieter, Nclose.

One of the trends is that two-factor authentication (2FA) has become a cat-and-mouse game.

“Hackers have found smart ways of bypassing 2FA,” says Potgieter. “One way is to bombard the user with 2FA requests until they get annoyed and accept them, providing the hackers with the information they need to get into the system. Regardless of the hack methodology, it’s clear today that the business cannot rely solely on 2FA.”

Another trend, largely triggered by the ingenuity of the hackers in getting past users, is to increase user training and awareness.

Companies have come to realise that the human firewall isn’t that great, Potgieter explains. “Stolen passwords, user error, poor passwords – these are the most common causes of successful attacks on the business which means that users need constant training to remind them of the risks. Hackers are going to continue trying to find ways of exploiting users and companies will have to keep up to keep them out.”

But it’s ransomware that tops the list of cyber security concerns this year, Potgieter continues.

“The attackers are shifting their approaches and methodologies as systems become more secure and intelligent. In the past, hackers would break in, encrypt everything and take a copy of the data and then demand a ransom to decrypt it. Now, they are going straight to stealing the data and extorting the victims – it involves less risk with a lower chance of being detected and potentially easier profit.”

Unemployment threat

Potgieter says unemployment is an issue and the oncoming recession and ongoing economic challenges may see more people turn to cyber crime to make a living “and this could result in increased attacks and a far more volatile landscape.”

“The upshot is that companies need to be far more vigilant going into 2023 than ever before,” he concludes. 

“The cybe rcrime market is rich and evolving with criminals taking advantage of any flaw, vulnerability or mistake that they can. The profit in a hack is high, so the crime won’t stop. Companies have to prepare for the worst and expect the worst, and this means investing into security that can evolve with the business, the threat landscape and the trends.”