Identity-first approach urged in cybersecurity strategies

Tue, 8th Apr 2025

The growing reliance on digital identities in modern cybersecurity landscapes has spurred discussions among industry experts about the necessity of an identity-first security approach. Leading professionals in the cybersecurity field have emphasised the significance of robust identity management strategies, especially in light of the increasing prevalence of credential theft and malware attacks.

Fabio Fratucello, Field CTO at CrowdStrike, has highlighted a critical shift in attack strategies. Fratucello states, "Today's adversaries aren't breaking in—they're logging in." This reflects a paradigm where cybercriminals exploit identity gaps and stolen credentials, allowing them to infiltrate systems discreetly.

As documented in CrowdStrike's 2025 Global Threat Report, 79% of attackers' initial access is now conducted without malware, with access broker activities having surged by 50% over the past year. Fratucello asserts that the current threat landscape renders traditional malware-focused defences inadequate, prompting a necessity to focus on identity-centric security principles.

The need for an identity-first approach aligns with the conversations surrounding Identity Management Day, a call for organisations to reassess their security frameworks. Fratucello advocates for several measures crucial to this transformation, such as implementing zero trust principles, enhancing identity monitoring, and deploying multi-factor authentication (MFA). The focus is also on eliminating unnecessary access privileges and utilising AI for threat detection and intelligence.

Echoing these sentiments, Patrick Harding, Chief Product Architect at Ping Identity, points out the complex challenge of securing human identities and those associated with artificial intelligence. As AI begins to undertake more autonomous roles, Harding stresses the importance of adopting zero-trust architectures and decentralised identity models to mitigate potential security risks.

Morey Haber, Chief Security Advisor at BeyondTrust, elaborates on the proactive measures to protect digital identities against human and non-human threats. Haber underscores the transition from reactive security approaches to dynamic authentication and continuous user education, highlighting Identity Management Day as an opportunity to strengthen personal and organisational identity risk postures.

Ezzeldin Hussein, Senior Director of Solutions Engineering at SentinelOne, places digital identities at the core of cybersecurity strategies. Hussein emphasises that identity security entails more than access; it ensures trust, accountability, and resilience within the digital environment. The focus should be on securing credentials, enforcing least privilege, and creating a cyber-aware culture to mitigate identity-related breaches, one of the most exploited attack vectors.

Phil Swain, Chief Information Security Officer at Extreme Networks, discusses the accelerated pace of threat environments due to AI-driven attack cycles. Swain remarks that organisations must significantly reduce their response times, shifting from days or weeks to mere hours or minutes, to effectively manage and counteract these fast-evolving threats. Educating employees becomes essential as human error remains a formidable security vulnerability, despite implementing advanced security controls.

As organisations reflect on their cybersecurity strategies during Identity Management Day, industry experts continually advocate for an identity-first approach. This involves adopting comprehensive measures and utilising advanced technologies to secure digital identities, thus fortifying businesses and individuals against the escalating cybersecurity threats of the modern digital age.

Share on: