Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      China nets a falling rocket in reusability race with SpaceX

      China nets a falling rocket in reusability race with SpaceX

      10 July 2026
      Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

      Battlefield tech could save lives on South Africa’s roads

      10 July 2026
      Customers prefer ChatGPT to your company's AI chatbot

      Customers prefer ChatGPT to your company’s AI chatbot

      10 July 2026
      South Africans warm to AI doing their shopping: DHL

      South Africans warm to AI doing their shopping: DHL

      10 July 2026
      OpenAI debuts ChatGPT Work - and GPT-5.6 - in enterprise push

      OpenAI debuts ChatGPT Work – and GPT-5.6 – in enterprise push

      10 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » Information security » The persistent risk of weak passwords in organisations

    The persistent risk of weak passwords in organisations

    Promoted | Weak passwords are still costing companies millions - it doesn't have to be like this.
    By CyberStack31 July 2025
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    The persistent risk of weak passwords in organisations - CyberStackIn an age of AI-powered threats and zero-trust frameworks, it’s remarkable how often the breach begins with something as basic (and preventable) as a bad password.

    Despite major advancements in cybersecurity technology, human error remains the single biggest risk. And at the heart of that risk? Weak, reused or easily guessed passwords.

    We have all seen them: Password123. Welcome2023. Companyname01. They’re predictable, they’re everywhere and they’re dangerous.

    Password123. Welcome2023. Companyname01. They’re predictable, they’re everywhere and they’re dangerous

    In our work across sectors such as finance, logistics, education and manufacturing, we still find weak passwords in nearly every environment we assess. Even in security-aware organisations, credentials are often the lowest-hanging fruit for attackers.

    Why? Because they work.

    Shocking statistics reveal that 57% of users admit to recycling variations of old passwords, and every 39 seconds an automated password guessing attack happens.

    Counterintuitively, the same research highlights how 30% of websites don’t allow special characters in passwords and 17% don’t insist on a minimum length for passwords.

    Bad actors don’t need to break in when they can log in. With credential stuffing, phishing and bruteforce attacks, attackers use automation to test billions of passwords across systems. If one password is reused anywhere, they’ll find it.

    A bruteforce tool can crack an eight-character, lowercase password in seconds. A longer, complex password with mixed characters might take years. That time difference is your margin of safety.

    The real-world impact of one bad credential

    When a password falls into the wrong hands, it’s rarely a one-system compromise. Malefactors use it as a foothold. They escalate privileges, move laterally and map out the network. They don’t just steal data, they take full control.

    The 2023 breach of Knights of Old, a UK logistics firm, is a sobering example. One weak password allowed attackers to gain entry. The result was a ransomware incident, operational shutdown and over 700 job losses. The company was forced into administration.

    Unfortunately, this is not an isolated case. Password-related breaches have affected hospitals, schools, banks, governments and pretty much anywhere identity lies at the heart of access.

    Once inside, threat actors don’t stay still. They steal intellectual property, customer data and financial records. They can shut down critical systems, which can lead to massive business continuity failures.

    The damage goes far beyond downtime. Legal woes, hefty regulatory fines, and loss of customer trust and confidence are often worse than the incident itself.

    Why weak passwords keep happening

    Weak credentials persist not because we lack tools, but because we underestimate how humans use them.

    Here’s what we often find in the field:

    • Lack of employee training: Without awareness, users default to convenience. They choose simple passwords or reuse them across accounts.
    • Weak or unenforced password policies: If you’re not mandating complexity, length, and expiration, weak passwords will thrive.
    • No multifactor authentication: Relying solely on a password is asking for trouble. If MFA isn’t enforced across all sensitive accounts, a single stolen password becomes a full compromise.
    • Poor visibility into credential hygiene: Many organisations don’t have tooling in place to audit password strength or reuse patterns.
    • Shadow IT and credential sprawl: Employees sign up for third-party tools using work emails and duplicate passwords, increasing risk without anyone noticing.

    The result is a dangerous combination of good intentions and bad habits.

    Building a strong password culture

    A password policy needs to be more than a compliance document. It must become a behavioural framework. It must enforce best practices and support users in doing the right thing by default.

    At a minimum, an effective password policy should:

    • Insist on at least 12-character passwords with a mix of uppercase, lowercase, numbers and symbols;
    • Prevent the reuse of recent passwords;
    • Enforce password changes every 90 to 180 days;
    • Lock accounts after repeated failed login attempts;
    • Encrypt passwords at rest using strong hashing algorithms; and
    • Mandate MFA, particularly for privileged and remote access.

    However, policies alone aren’t enough. Implementation is where most organisations fall short. The success of any policy depends on consistent enforcement and ongoing user education.

    What CyberStack is doing about it

    At CyberStack, we find weak passwords during most our assessments, and this doesn’t matter whether the client is an SME with a single IT admin or a multinational enterprise with a full security operations centre.

    That’s why we’ve built a practical, results-driven solution, a two-day password policy and awareness training course designed to help teams:

    • Understand why strong passwords matter (and how attackers exploit the weak ones);
    • Build passwords that balance security and usability;
    • Avoid common traps like reuse and predictable phrases;
    • Spot phishing attempts that seek to harvest credentials; and
    • Implement and enforce a policy that fits your organisation’s risk profile.

    We also tailor the course to your environment, whether you’re in healthcare, retail, education or financial services.

    At the end of the day, this isn’t just about passwords, it’s about culture. It’s about ensuring that your first line of defence (your users) are equipped to protect themselves and your business.

    Learn more or sign up for CyberStack’s password training at cyberstack.co.za.

    • Read more articles by CyberStack on TechCentral
    • This promoted content was paid for by the party concerned

    Don’t miss:

    Why it’s time to take cybersecurity compliance seriously

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    CyberStack
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleMicrosoft set to join the $4-trillion club
    Next Article Reimagining HR – predictive insights and AI are the C-suite’s untapped advantage

    Related Posts

    Building strong channel partnerships - lessons from CyberStack and Trend Micro

    Building strong channel partnerships – lessons from CyberStack and Trend Micro

    1 July 2025
    Why it's time to take cybersecurity compliance seriously - CyberStack

    Why it’s time to take cybersecurity compliance seriously

    10 February 2025

    Elevating endpoint security for small enterprises

    6 November 2024
    Add A Comment

    Comments are closed.

    Company News
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    The best way to automate customer engagement using AI and WhatsApp - CM.com

    The best way to automate customer engagement using AI and WhatsApp

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    China nets a falling rocket in reusability race with SpaceX

    China nets a falling rocket in reusability race with SpaceX

    10 July 2026
    Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

    Battlefield tech could save lives on South Africa’s roads

    10 July 2026
    Customers prefer ChatGPT to your company's AI chatbot

    Customers prefer ChatGPT to your company’s AI chatbot

    10 July 2026
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}