The identity crisis hiding in plain sight

Reghardt Van Der Rijst, Practice Lead: Identity, Altron Security.

There’s an uncomfortable truth that most South African executives would rather not confront: the biggest threat to their organisation’s security isn’t some shadowy hacker operating from a distant continent. It’s the person who just badged into the building this morning.

Not because your employees are malicious. Most aren’t. But because in today’s hyper-connected enterprise, every single identity, whether human or machine, represents a potential doorway for attackers. And most organisations have left those doors not just unlocked, but wide open.

The numbers paint a sobering picture. Check Point’s 2026 Cyber Security Report shows that, globally, organisations experienced an average of 1 968 attacks a week, a figure that increased 18% year-on-year and is up 70% since 2023. Behind these breaches are security issues such as a stolen password, an over-privileged service account or credentials harvested through increasingly sophisticated phishing campaigns.

The identity explosion nobody planned for

Consider what’s happened to the average enterprise over the past five years. The workforce has fragmented across offices, homes and coffee shops. Cloud applications have multiplied exponentially. And quietly, almost invisibly, machine identities, the service accounts, application programming interfaces (APIs) and automated processes that keep digital operations humming, have proliferated to outnumber human users by orders of magnitude.

Each of these identities requires access to systems and data. Each one needs permissions. And each one, if compromised or misconfigured, becomes an attack vector.

Here’s where it gets uncomfortable: most organisations have no clear picture of how many identities exist within their environment, what access those identities have or whether that access is still appropriate. The financial controller who left six months ago might still have active credentials. The test account created for a project in 2019 might still enjoy administrator privileges. The third-party contractor’s service account might have access to production databases nobody remembers granting.

This is the inevitable consequence of organic growth in complex environments. But it’s also precisely what attackers are counting on.

Why traditional defences are failing

For years, organisations have approached identity security the way they approach home security: install locks, hand out keys and hope for the best. Identity and access management systems were implemented to control who could access what. Privileged access management tools were deployed to protect the most sensitive accounts. Governance frameworks were established to ensure compliance.

These tools remain essential. But they were designed for a world that no longer exists, one where the perimeter was clear, the workforce was stable and the pace of change was measured in quarters rather than hours.

Today’s attackers don’t break down doors. They walk through them using legitimate credentials. They exploit the gap between what your policies say should happen and what actually happens in practice. They target the identity sprawl that accumulates in every organisation like sediment in a river.

Artificial intelligence (AI) has accelerated this threat dramatically. Attackers now deploy AI to craft convincing phishing campaigns, to identify vulnerable accounts at scale and to automate credential-stuffing attacks that would have been impossible just years ago. Static, rule-based defences simply cannot keep pace with threats that learn and adapt in real time.

The shift from reactive to proactive

This is why leading organisations are fundamentally rethinking their approach to identity security. Rather than waiting for breaches and responding after the damage is done, they’re adopting what security professionals call identity security posture management: a continuous, automated approach to identifying and remediating identity risks before attackers can exploit them.

The concept is straightforward, even if the implementation is not. Instead of periodic access reviews and manual certification campaigns, imagine continuous visibility into every identity across your environment. Instead of hoping configurations are correct, imagine automated detection of misconfigurations, excessive entitlements and policy violations. Instead of scrambling to demonstrate compliance during audits, imagine being audit-ready every single day.

This proactive stance doesn’t replace the need for detection and response capabilities. When breaches do occur, and they will, organisations need the ability to identify compromised credentials, detect privilege escalation attempts and contain threats before they spread. Identity threat detection and response provides this capability, using AI and machine learning to spot anomalous behaviour and trigger immediate containment.

Together, these approaches form the foundation of what security frameworks increasingly call zero trust: the principle that no identity, human or machine, should be trusted by default, and that verification must be continuous rather than one-time.

South African organisations face a particular urgency. They must balance Protection of Personal Information Act compliance with international requirements, manage infrastructure that often spans legacy and cloud environments, and operate in an economy where every rand spent on security must demonstrably reduce risk. These constraints demand approaches that are both effective and efficient.

The alternative is unpleasant to contemplate. Identity breaches don’t just result in regulatory fines, though those are increasingly significant. They erode customer trust, disrupt operations and consume executive attention that should be focused on growth and innovation.

More fundamentally, they represent a failure of stewardship. Every organisation holds identities in trust: employee credentials, customer data, partner access. Protecting those identities isn’t just a technical requirement. It’s an obligation.

The question facing South African business leaders isn’t whether identity security deserves attention. It’s whether that attention comes before or after the breach that forces their hand.

For more information on strengthening your organisation’s identity security posture, visit https://eu1.hubs.ly/H0rhVfZ0.