The password “admin123” seemed harmless enough until hackers used it to infiltrate an entire corporate network, stealing customer data and shutting down operations for days.
This real case, shared at South Africa’s 2025 IT Indaba, shows how human mistakes continue to create massive security holes even as companies spend millions on advanced cybersecurity tools. New research reveals that human errors cause 68% of all data breaches in 2024, with manual processes still dominating critical security tasks.
Security Teams Build Walls While Employees Leave Doors Open
Companies treat security like building a fortress. They install expensive firewalls, hire security experts, and buy the latest threat detection software. But they forget that employees hold the keys to the kingdom.
“Our analysts and developers assume that every new feature, every API we deploy and every line of code we write could and most probably will be targeted in an attack. If you have that mindset, it changes everything”, said Jan-Jurgens van der Walt, business unit head of technology at iOCO, during his presentation on security-first development practices.
His team embeds security specialists into every project from day one. They don’t add security at the end like most companies do. They bake it into the foundation.
Johan van Dyk, executive head of forensic services at XTND, sees the aftermath when companies take shortcuts. The printer attack happened because someone never changed the default login credentials. Basic human oversight created a billion-rand security disaster.
Manual Security Processes Create Predictable Failures
Recent data from Cerby’s 2025 Identity Automation Gap report exposes alarming gaps in how companies handle basic security tasks:
- 41% of employees still share passwords through spreadsheets and email
- 89% of companies rely on workers to manually turn on multi-factor authentication
- 59% of IT teams manually add and remove user access rights
These manual processes fail because humans forget, make mistakes, or skip steps when rushed. Companies that experienced security breaches from manual identity work lost customers (43%) and business partners (36%) as direct consequences.
Neil van Wyngaard, solutions architect at iOCO, argues that automation removes these human failure points entirely. “If the process of giving people access to resources was automated, you can prevent people from having access to systems they are not supposed to have access to,” he explained during the IT Indaba session.
Voice Technology Catches Dishonest Employees Before They Start
Traditional background checks miss a crucial element which is honesty. Van Dyk’s forensic team now uses voice technology to test integrity before hiring people for security-sensitive roles.
“In our business, we make use of voice technology, which is not intrusive at all. It can be done by telephone, it is not language dependent, and it helps us test honesty before we employ or appoint people,” van Dyk revealed.
The technology analyzes speech patterns to detect deception without requiring face-to-face meetings or specific languages. Several cybersecurity partners now use this approach to verify their staff members actually follow security protocols.
Voice testing addresses a growing concern that insider threats account for 23% of cybersecurity breaches in financial services alone, according to industry statistics.
Security Automation Reduces Errors, But Faces Trust Issues
Automation prevents the memory lapses and shortcuts that create security gaps. Van Wyngaard demonstrated how automated systems continuously monitor access rights and immediately flag unusual activity.
“If the security becomes invisible, sitting behind the scenes while automation maintains it, people don’t mind because they don’t have to do it. The moment it becomes a chore, they avoid it or make mistakes,” he noted.
However, artificial intelligence adoption in security faces resistance. While 78% of security leaders don’t trust AI to fully automate core identity tasks, 45% support collaborative approaches where humans oversee AI decisions.
Companies successfully using automation report dramatic improvements. Van Dyk’s firm maintained the same 75-person workforce over three years while dramatically increasing productivity through AI and process automation. No employees lost jobs; instead, they learned to work alongside automated tools.
Business Leaders Must Champion Security Culture
Technical solutions fail without leadership support. Van der Walt emphasized that embedding security requires both clear governance and daily habits reinforced by executives.
“Security should not be about adding a gate. It should be about creating secure habits and making them part of your delivery process,” he stated.
Teams that integrate security reviews into every development phase and discuss security incident lessons create lasting cultural change. This approach transforms security from a compliance checkbox into a competitive advantage.
Companies treating security as an afterthought face predictable consequences. The Ponemon Institute found that 52% of enterprises experienced security breaches caused by manual identity management processes.
AI Security Requires Careful Data Separation
As companies adopt AI tools, new vulnerabilities emerge. Van Wyngaard warned against storing sensitive information directly in large language models.
“You can’t put sensitive information into the model. Keep it in a database, expose it via an API, and use two AI layers. One determines the intent, the other verifies the user before retrieving data. That way, you can’t hack the AI,” he advised.
This approach separates generic AI capabilities from confidential business data, preventing attackers from accessing sensitive information even if they compromise the AI system.
The combination of secure development practices, automated processes, and strong leadership support creates resilient security programs. Companies that master this inside-out approach transform their biggest vulnerability, which is human behaviour, into their strongest defense.
