COMMENTARY: Security leaders and practitioners face new and increasingly complex identity‑based threats including phishing, credential theft, deepfakes, and privilege misuse. Nearly 80% of detections in CrowdStrike’s 2025 Global Threat Report were malware‑free, indicating that attackers relied on other techniques, such as social engineering and stolen credentials, to impersonate legitimate users, bypass controls, and escalate privileges.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
To better understand the challenges organizations face today, we gathered insights from attendees at three major global cybersecurity conferences in 2025: Black Hat USA in Las Vegas; Infosecurity Europe in London; and the it-sa Expo&Congress in Nuremberg. Across all regions, practitioners cited identity as the new perimeter.
Why all the focus on identity?
Survey respondents consistently reported that identity‑based threats now surpass all other cyber risks. Phishing, credential theft, deepfakes, and privilege misuse ranked ahead of ransomware as the most likely sources of major breaches over the coming year. At Black Hat USA, 45% identified phishing as their primary concern and 41% cited deepfakes. Infosecurity Europe mirrored those results with phishing as the top identity-based threat for 50% of respondents and deepfakes for 42%.
These statistics reflect real‑world, costly incidents. The September 2025 Jaguar Land Rover (JLR) cyberattack demonstrates how identity‑based techniques, including vishing and credential theft, can cripple an organization’s global operations. Threat actors from Scattered Spider, Lapsus$ and ShinyHunters infiltrated JLR’s IT environment, causing severe production shutdowns and supply chain disruptions.
Digital identities have proliferated as hybrid, multi‑cloud and AI‑enabled environments expand. Every user, device and non‑human identity (NHI) represents a potential entry point. Outdated authentication methods and incomplete identity governance heighten exposure, making modernization an urgent priority.
AI: A double-edged sword
Cybercriminals now use AI to create more convincing phishing campaigns, generate deepfakes, automate ransomware and escalate privileges at scale.
However, confidence in defending against AI‑enhanced attacks remains low across regions. Only 12% of Infosecurity Europe respondents and 16% at Black Hat USA said their organizations are fully prepared. At it-sa Expo&Congress, readiness was slightly higher at 28%, but nearly one‑third of respondents expressed only partial confidence.
AI‑enhanced attacks are mainstream threats. Financial institutions report AI-driven voice cloning that circumvents authentication, and enterprises face increasingly targeted spear phishing attacks. Low‑level criminals can now impersonate executives with off-the-shelf deepfake tools.
While AI creates new risks, it also unlocks defensive advantages. Organizations adopt AI‑driven identity validation and behavioral analytics to validate identities, detect anomalies and terminate high-risk behavior in real time.
More than half of respondents across all three regions cited AI‑driven validation as the most impactful innovation for identity security, with 53% at Infosecurity Europe, 57% at Black Hat USA and 60% at it-sa Expo&Congress. Organizations that embed AI into identity and access frameworks can potentially gain visibility and resilience. Those that hesitate to adopt AI-enabled technologies risk falling behind amid accelerating threats and rising automation.
The importance of privileged access management
Despite universal agreement that identity has become central to cybersecurity, privileged access controls remain inconsistent. Security leaders know the path forward: strengthen privileged access, enforce multi-factor authentication (MFA) and operationalize zero-trust.
Yet gaps persist. Across all three conferences, four in 10 organizations lack consistent MFA enforcement or comprehensive privileged access management (PAM) coverage. At Black Hat USA alone, 40% said their organization does not consistently enforce MFA for privileged accounts.
The February 2024 Change Healthcare attack, which compromised the data of more than 190 million Americans, stemmed from a single server lacking basic MFA. Bridging the divide between awareness and execution demands disciplined processes, continuous measurement and responsible use of AI across every layer of defense.
Achieving cyber resilience requires converting awareness into action. Here's what to do: secure identities, enforce least privilege, and embrace intelligent automation.
Modernizing identity controls and integrating AI thoughtfully into their security stack can help organizations withstand today’s threats and build secure, scalable growth for the future.
Darren Guccione, co-founder and CEO, Keeper Security