With cybercrime now officially ranked as the top business risk in South Africa, NEC XON has issued a critical alert about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region.
With rising incidents and evolving threat tactics, NEC XON is calling on organisations to rethink security from a static, reactive necessity to a strategic, AI-driven business imperative.
“Credentials have become the skeleton key to an organisation’s digital assets,” says Armand Kruger, head of cybersecurity at NEC XON. “We’ve uncovered over 10 000 compromised South African credentials on the dark web during recent client assessments. That’s not just a statistic – it’s an open invitation to attackers.”
These credentials are harvested using malware known as credential stealers, which infect devices such as smartphones and computers to extract all stored login information – whether saved in browsers or on the device itself.
Cyber adversaries use these stolen credentials to access services such as online banking and other consumer platforms, take over accounts, and cause significant harm.
Attackers’ favourite entry point
According to the IBM 2024 Cost of a Data Breach Report, compromised credentials are now the most common entry point for attackers in South Africa, responsible for 17% of breaches and costing companies an average of R56-million per incident.
The scale is equally alarming at the human level: Mimecast’s 2024 research shows that 40% of breaches are caused by human error – often through phishing and stolen passwords – yet only 22% of companies provide ongoing cybersecurity training.
Kruger explains that, in several vulnerability assessments, NEC XON traced stolen credentials to South African domains and active infrastructure – with no multi-factor authentication in place.
“It’s like leaving the front door open and being shocked when someone walks in,” he says.
Corporate credentials are often used to access remote services such as RDP and VPN on corporate networks, enabling attackers to gain an initial foothold in the environment—a common tactic employed by ransomware operators targeting enterprises.
Cybercriminals are calling in AI – so should you
And now, attackers are calling in the cavalry: AI. According to the World Economic Forum Artificial Intelligence and Cybersecurity Report (2025), AI has democratised cybercrime, giving attackers tools to scale up phishing campaigns, automate social engineering, and develop adaptive malware. NEC XON confirms this shift.
“Cybercriminals are no longer working harder – they’re working smarter with AI,” says Kruger. “That’s why traditional security models are failing. They simply don’t have the resources or speed to keep up.”
The Kaspersky IT Security Economics Report (2025) echoes these concerns, revealing a 26% rise in password-stealing malware across Africa in 2024. Picus Labs’ Red Report 2025 noted a 300% surge in credential theft.
The solution, Kruger argues, is to match AI with AI.
“Cybersecurity shouldn’t be a grudge purchase. It is a business continuity asset. We work to integrate advanced AI technologies to move beyond detection – towards proactive, adaptive, business-aligned protection. Cybersecurity is fundamentally about risk management—it’s centered on building resilience, the ability to withstand and recover from cyber-attacks
He says that, ideally, AI-driven security solutions should include:
- Real-time threat detection and response – Automated investigations allow human experts to shift focus from damage control to prevention.
- Business risk quantification – Aligning security with operational goals improves resilience and reduces cost.
- Optimised security spend – AI efficiencies deliver strong protection without waste.
“Our own managed detection and response (MDR) team recently demonstrated this in action,” Kruger says. “AI systems intercepted a ransomware threat to a client’s systems by automatically quarantining the malware, disabling compromised credentials, and isolating the endpoint before any damage was done – with no human intervention required.
“Cybercriminals don’t wait for board meetings, technical evaluation criteria, RFPs, change control, or operational reviews to assess capabilities – they act with curiosity and intent, constantly probing to see how far functionality can be exploited. That’s why AI in cybersecurity isn’t optional anymore – it’s a business investment.”
Security visibility is another major focus. A trusted partner should deliver AI-driven cybersecurity as a real-time, consumption-based service, including:
- Live dashboards
- Instant response reports
- Collaboration tools that break down digital silos