Brendon Meyer (left), senior solutions engineer, and Nick Black, sales director at BeyondTrust. Most breaches originate in identity, and the explosion of non-human identities presents a serious risk to organisations, according to Brendon Meyer, senior solutions engineer, and Nick Black, sales director at BeyondTrust. They were speaking at the ITWeb Security Summit 2026 in Sandton.Black told delegates that securing humans was already a massive challenge, but the proliferation of non-human identities has caused the attack surface to explode. "Recently, it was estimated that there are around 45 non-human identities for every one human identity in organisations – but this number is rising fast. We are witnessing the single largest expansion of the attack surface in history.”He warned that attackers do not break in – they log in using stolen or compromised credentials. “With South Africa experiencing some of the highest weekly cyber attack rates globally, legacy firewalls are powerless against adversaries executing operations using valid, stolen credentials.”Black said 2026 South African threat telemetry showed that 79% of organisations admit they cannot fully audit privileged path access in their networks. He noted that the Financial Sector Conduct Authority (FSCA) and Prudential Authority’s Joint Standard 2 on Cybersecurity is now active. Financial entities and their third-party supply chain vendors face mandatory structural audits and risk catastrophic penalties or licence suspensions for non-compliance or failed audits.Black highlighted recent breaches featuring identity failures, including hackers hijacking a low-level employee’s workstation keys, or harvesting credentials from a downstream vendor.Privileged access management (PAM) and identity security involve more than storing and rotating passwords in a vault while allowing controlled access to authorised individuals, Black and Meyer said.Meyer said the concept of least privilege access has been ingrained for years, but organisations now need to grant permissions on the fly through just-in-time access and dynamic privilege elevation for specific tasks, rather than giving users permanent access rights. “Modern organisations also need to centrally manage role-based access,” he said.Meyer and Black urged organisations to focus on identities and their privileges, to be more proactive about security, and to blend prevention and detection using solutions that eliminate blind spots, visualise and shut down attack pathways, pinpoint identity-based anomalies and guide remediation.