MFA Fatigue Attacks: The New Social Engineering Threat Plaguing Enterprises




MFA Fatigue Attacks: The New Social Engineering Threat Plaguing Enterprises

While multifactor authentication (MFA) has long been heralded as an essential security measure for keeping corporate networks safe from cybercriminals, a new type of attack is exposing a critical vulnerability – human error.

Known as MFA fatigue or prompt spamming attacks, hackers are bombarding employees with an overwhelming number of login requests until they eventually accept one out of sheer frustration or confusion. This straightforward social engineering tactic exploits people’s psychological responses rather than relying on sophisticated hacking methods.

“MFA fatigue attacks exploit human vulnerability,” explains Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, a cybersecurity training firm. “These attacks involve sending continuous push notifications to a target who has already provided their username and password, aiming to irritate or confuse them into unwittingly granting the attacker access.”

A high-profile example occurred in 2022 when hackers breached Uber’s IT systems this way. The attackers likely purchased an employee’s corporate login credentials on the dark web, then relentlessly spammed them with MFA requests. Claiming to be from Uber IT, the hackers convinced the exhausted employee that approving one request was the only way to stop the barrage of notifications.

“Now we’re seeing attackers finding ways around it by bombarding the victim with scores of MFA requests or by tricking them over the phone,” Collard says of MFA’s perceived impregnability. “By bugging you repeatedly until you give in, malicious actors can manipulate users into approving fraudulent access attempts.”

Preventing MFA Fatigue Compromise

To prevent such attacks, Collard recommends organisations avoid using push notifications for MFA entirely. “While MFA provides an extra layer of security, it’s not foolproof. From a cybersecurity perspective, I would recommend that organisations disable push notifications altogether and rather use alternative verification methods.”

Some better options include number matching, where users match a code from their authentication app to the one displayed during login, and challenge-response methods utilising biometrics like fingerprint or facial recognition. Organisations can also adopt open standards like FIDO2, which allows passwordless logins using hardware security keys.

However, Collard emphasises that no method is immune to skilled social engineering. Ultimately, “mindfulness is key” – users must stay calm and alert to anything that feels amiss, rather than reacting rashly under pressure.

As MFA fatigue attacks demonstrate, cybersecurity’s human element remains the most critical vulnerability. With hackers constantly adapting their tactics, enterprises must provide robust technology solutions and prioritise ongoing security awareness training to safeguard against both technical exploits and insidious psychological manipulation.

Read next: Cybercriminals exploit human error as biggest security flaw

The post MFA Fatigue Attacks: The New Social Engineering Threat Plaguing Enterprises appeared first on Ventureburn.

Talent agility: The missing piece in the business agility puzzle




Talent agility: The missing piece in the business agility puzzle

Johann van Niekerk, Co-founder and CEO of Outsized, believes business leaders are overlooking a crucial component in their pursuit of agility – talent agility.

In turbulent and unpredictable markets, the ability to adapt swiftly is critical, and van Niekerk argues that talent agility enables businesses to pivot and respond adroitly to changing conditions. Rather than being constrained by rigid organisational structures, an agile talent model allows companies and their workforce to seamlessly realign, upskill, and fill gaps as needed.

“Rigid organisations, with fixed capabilities, find it very difficult to pivot or shift in periods of volatility,” says van Niekerk. “If a large corporation had enjoyed a few years of success in a growth market, it’s likely that they would have made plans to expand over the next three to five years, including hiring more people. But in the face of a sudden change, like a major economic downturn or a shift in the market which forces it to cut costs, redundancies will be almost unavoidable because it’s operating in a fixed-cost, fixed-capability model.”

The Solution: Talent-on-Demand

Van Niekerk advocates for a talent-on-demand strategy coupled with talent agility, which he believes offers clear benefits. “A more flexible organisation is able to break up work into project-based components that it can deliver quickly, while the market is still behaving the way it was when the project started,” he explains.

For instance, a department with a core team of 15 permanently employed individuals could bring in an additional 15 independent professionals during periods of heightened demand or project-based work. “In a variable-cost, flexible-capability model, the business recognises that it doesn’t need 30 people year-round and is able to reap the benefits of being more agile and more resilient to shocks,” van Niekerk notes.

Making It Work

While the concept seems straightforward, van Niekerk acknowledges that successfully implementing a talent agility strategy requires careful consideration of several key aspects:

1. Leadership Alignment: Businesses can approach talent-on-demand from either a business or HR perspective. Van Niekerk advocates for a hybrid approach that combines the speed and practicality of a business-led model with the detail-oriented, compliance-focused approach of an HR-led model.

2. Robust Onboarding: Ensuring a structured and well-designed onboarding process for independent consultants and contractors is critical. Legal, procurement, payroll, and compliance issues must be addressed upfront to mitigate risks and set up independent hires for success.

3. Pilot Testing: No talent model is perfect on paper. Van Niekerk recommends pilot testing on a small scale, learning from real-world experiences, and quickly applying those lessons before scaling up.

As more executives embrace agile talent models, van Niekerk believes businesses that successfully implement talent agility will be well-positioned to transform their growth and profitability trajectories.

Read next: How women could solve the technology industry’s talent drought

The post Talent agility: The missing piece in the business agility puzzle appeared first on Ventureburn.

Injini announces second cohort for the Mastercard Foundation EdTech Fellowship




Injini announces second cohort for the Mastercard Foundation EdTech Fellowship

• Injini, Africa’s EdTech Accelerator and Think Tank, has announced its second cohort for the Mastercard Foundation EdTech Fellowship.
• Twelve recently selected growth-stage EdTech companies will undergo a rigorous six-month program and will receive specialized acceleration support valued at over R2,500,000.

After a rigorous application and interview process, Injini is pleased to announce its second cohort of 12 EdTech companies participating in the Mastercard Foundation EdTech Fellowship with the EdTech accelerator and think tank.

“Drawing on insights gained from our inaugural cohort, we are looking forward to collaborating with these 12 companies to enhance educational outcomes in South Africa,” says Krista Davidson, Executive Director at Injini. “Through meaningful dialogues with the Department of Basic Education and provincial education departments last year, we gained valuable understanding of the most pressing needs of South African schools, learners, teachers, and parents.”

The challenges identified in these discussions include a lack of quality teachers, limited access to relevant educational resources, and the administrative burden on teachers, among others.

With this in mind, Injini is proud to announce the latest cohort of Fellows, each selected for their innovative solutions to these critical problems. These solutions range from providing one-on-one tutoring support for reading skills and offering entrepreneurial learning opportunities to optimising ICT infrastructure in schools and using gamification for financial education.

Additionally, the Fellows focus on empowering teachers with professional development tools, transforming lessons into practical tech projects, and creating inclusive learning environments with multilingual capabilities. 

The 2024 Injini EdTech Fellows are:

• Book Village: Book Village is an online tutoring platform for reading. The platform connects foundation phase learners to volunteer tutors from around the world for one-on-one support that assists learners to read at their own level and pace. Read more: https://bookvillage.co.za/

• E-Cubed: E-Cubed offers free, digital, chat-based entrepreneurial learning, connection and innovation opportunities for teachers, learners, parents and officials. E-Cubed supports mobile-first, low-tech access to easy-to-use cutting-edge services. Read more: www.ecubed-dbe.org

• EcoLabs Africa: EcoLabs Africa optimises ICT infrastructure in township and rural schools by repurposing obsolete computer equipment to create computer labs (Ecolabs). They provide end-to-end solutions for access to emerging technologies and learning programmes. Read more: https://ecolabs.africa/

• Fintr: Fintr uses games to teach children about money, combining gamified superhero narratives, practical financial exercises, and a competitive reward system. It makes financial education fun and engaging, fostering positive financial behaviours from a young age. Read more: www.fintr.io

• Global Teachers Institute (GTI): GTI partners with schools, government and higher education institutions to offer work-integrated learning placements for aspiring teachers, supporting them financially, academically, and professionally to become reflective, empathetic, and socially responsible master teachers. Read more: https://globalteachers.org/

• Grow ECD: Grow ECD provides an ECD Management App, a one-stop-shop for ECD owners and teachers, offering tools and resources for running a professional business and classroom. It is free for all ECD owners in South Africa. Read more: https://www.growecd.org.za/

• Mindjoy: Mindjoy provides an operating system for classroom learning, equipping educators with tools to transform lessons into practical tech projects, encouraging student curiosity. The platform supports STEM teachers in adopting innovative teaching approaches. Read more: https://mindjoy.com/

• Finding Thabo, by the Reach Trust: Finding Thabo is an interactive play-based game designed to stimulate key parts of the brain and build foundations for lifelong learning. Read more: https://www.thereachtrust.org/

• RoboSTEAM: RoboSTEAM specialises in teaching coding and robotics to primary school learners, providing training for teachers on integrating these skills into any classroom. Read more: https://robosteamtrain.co.za/

• SOCO_ED: SOCO_ED provides a versatile EdTech solution suitable for any industry, including content, marketing tools, remote learning features, user profiles, quizzes, and live class sessions. They offer tutoring to FET-Phase learners in South Africa. Read more: https://www.socoed.com/

• Ubuntu Education: Ubuntu’s online HUB empowers African teachers with resources, networks, and growth opportunities. Free access to courses, webinars, and articles addresses affordability and availability challenges, aiming to advance teachers’ careers and revolutionise recruitment in Sub-Saharan Africa. Read more: https://ubuntu.education/

• Vambo AI: Vambo AI empowers learners and educators with multilingual capabilities integrated into the curriculum and learning experience. Educators can create diverse, culturally relevant content across languages, fostering inclusive and effective learning environments. Read more: https://www.vambo.ai

The EdTech Fellowship, an initiative of the Mastercard Foundation Centre for Innovative Teaching and Learning (the Centre), continues to collaborate with technology and innovation hubs as well as EdTech accelerators such as Injini across Africa. This fellowship aims to bolster promising, growth-stage EdTech ventures, enabling them to scale and make a meaningful impact in education. 

The 2024 program delivered by Injini will offer:

• Dedicated support from specialists in education innovation, fundraising, impact M&E, commerce, and more.
• Pedagogical evaluation and certification by EdTech Impact and Education Alliance Finland.
• Customised market research support from Injini’s team of education innovation researchers.
• Collaboration with experts across diverse fields who will join the Fellows’ team on a temporary basis to promptly tackle specific needs, deliver customized outcomes, and bolster long-term business success.
• Networking, knowledge-sharing, and learning opportunities with key ecosystem contributors and industry experts.
• Access to a selection of courses and office hours from the Human-Computer Interaction Institute faculty members at Carnegie Mellon University – a world leader in education technology and applied learning sciences.
• The chance to contribute to a growing body of evidence documenting “what works” in African EdTech.
• Equity-free venture funding exceeding R1,000,000.

“Our mission is to catalyze and accelerate the EdTech ecosystem. That implies that we need enough EdTech entrepreneurs working on addressing education challenges in South Africa and across the continent. This year the Mastercard Foundation is onboarding and supporting a total of 96 EdTech companies across five tech hubs. With this, we hope to serve young people,” said Joseph Nsengimana, Director of the Mastercard Foundation Centre for Innovative Teaching and Learning.

“As South Africa’s education sector navigates its numerous challenges, Injini is eager to continue its work with the Mastercard Foundation in championing these Fellows and assisting them to scale their business, increase their impact and effect meaningful change in education across the region,” concludes Davidson. 

The post Injini announces second cohort for the Mastercard Foundation EdTech Fellowship appeared first on Ventureburn.

Google Cloud Taps Telecom Veteran to Lead Security Push in Middle East, Turkey and Africa




Google Cloud Taps Telecom Veteran to Lead Security Push in Middle East, Turkey and Africa

Google Cloud has appointed Noor Al-Sulaiti as head of security business development and government relations for the Middle East, Turkey and Africa, tapping a telecommunications industry veteran to spearhead the tech giant’s cybersecurity expansion in those regions.

Ms. Al-Sulaiti, former chief executive of Ooredoo Oman, will foster strategic partnerships with public-sector organisations to leverage Google Cloud’s cybersecurity solutions, including CyberShield, the company said Tuesday. CyberShield is a comprehensive offering designed to improve national security through technology, processes and resources for enhanced threat monitoring.

The hiring underscores the growing importance that Google Cloud, a unit of Alphabet Inc., is placing on cybersecurity as it competes against rivals like Amazon.com Inc.’s Amazon Web Services and Microsoft Corp.’s Azure in the cloud-computing market. Governments are key customers for such services.

“Google Cloud is continuously helping governments around the world enhance their security capabilities and respond holistically at the national level to keep their citizens and critical assets safe, and I’m ready to lead the charge to bring these capabilities to the Middle East, Turkey and Africa,” Ms. Al-Sulaiti said.

At Ooredoo Oman, Ms. Al-Sulaiti established herself as the youngest and first female CEO in the company’s history, Google Cloud said. She previously served as CEO of Starlink, a retail and IT service provider in Qatar, and held executive roles at telecom providers in Kuwait.

Ms. Al-Sulaiti has been recognised by publications such as Forbes Middle East as one of the region’s most powerful businesswomen and notable leaders.

Google Cloud said CyberShield provides technology and resources to deliver comprehensive visibility into cyberthreats. The offering can help improve national security while accelerating innovation and supporting continuous cyber defense, according to the company.

Read next: Cloud security myths that could be holding your small business back

The post Google Cloud Taps Telecom Veteran to Lead Security Push in Middle East, Turkey and Africa appeared first on Ventureburn.