Identities over intrusions: Identity Management Day sparks new considerations

In the contemporary digital landscape, where identity plays a pivotal role in safeguarding data and securing access, Identity Management Day serves as a crucial reminder for organisations to fine-tune their identity security strategies. 

Experts have highlighted the increasing shift in cyber threats from traditional malware tactics to the exploitation of identity vulnerabilities.

Fabio Fratucello, Field Chief Technology Officer at CrowdStrike, underscores this evolution in threat dynamics as attackers now prefer logging in to breaking in. His insights, as shared in the 2025 Global Threat Report by CrowdStrike, reveal that 79% of initial cyber intrusions are malware-free, primarily facilitated by access brokers whose activity has surged by 50% annually. This necessitates a paradigm shift in how organisations approach cybersecurity, focusing on identity-first strategies.

Fratucello advises organisations to reassess their existing security postures given the inadequacy of traditional measures against modern identity-centric attacks. 

To bolster defences, he recommends the adoption of zero trust principles, rigorous identity monitoring, utilising multi-factor authentication (MFA) and passwordless systems, and integrating AI-driven threat detection. Crucially, organisations should eliminate unnecessary access privileges and employ a unified security platform, which synergises real-time intelligence across identity, cloud, and endpoint activities to enhance visibility and eradicate potential blind spots.

Wade Ellery, Field CTO at Radiant Logic, echoes the emphasis on identity, describing it as "the currency in a digital world". According to Ellery, every digital transaction, from customer interactions to internal operations, is anchored in identity data. He notes the transformation in the industry towards securing this data for both human and non-human accounts.

Ellery observes that organisations are at various stages of strengthening their cybersecurity frameworks, depending on historical IT decisions, identity data quality, and recent technological investments. He stresses the importance of viewing identity security as a continual journey rather than a singular initiative. The focus should be on modernising, standardising, and securing identity access. This journey, he highlights, involves incremental steps that bring immediate benefits while setting the foundation for long-term improvements.

The growing recognition of identity as a cornerstone of security has reshaped strategic approaches. As Ellery remarks, the industry has moved away from proposing single-product solutions and now acknowledges the complexity of building comprehensive, cohesive platforms that address security challenges holistically.

Both Fratucello and Ellery's comments indicate a converging consensus among industry leaders on the critical role of identity management in cybersecurity. Their insights suggest that organisations should not only fortify their defences against existing threats but also anticipate future vulnerabilities by developing adaptive, identity-centric security strategies.

With the advent of Identity Management Day, organisations are reminded of the ongoing imperative to upgrade their security mechanisms in a manner that aligns with the dynamic nature of cyber threats. Taking proactive steps today ensures resilience against emerging challenges, creating a more secure digital environment that safeguards sensitive data and maintains trust.