Identity continues to be a main target in today’s security environment. Attackers are focusing efforts on users, credentials, and access paths, making identity-based attacks a frequent challenge for IT and security leaders.
Many organizations face incomplete or inconsistent MFA coverage. While multi-factor authentication is widely adopted, it’s not always applied uniformly. Some legacy systems may not support modern authentication methods, and certain user groups may be exempt from MFA policies due to technical limitations or business exceptions.
These inconsistencies create weak points that attackers actively seek out, especially when stolen credentials are readily available through phishing or the dark web.
Others are dealing with privileged access that’s grown too broad over time, where users accumulate elevated permissions that are not always tracked or revoked when no longer needed. Often, there’s no formal process to revisit or remove these privileges when they’re no longer needed.
This creates a larger attack surface and gives threat actors more opportunities to move laterally once inside the network. Without regular audits and role reviews, privileged access remains a persistent and often hidden source of risk.
Security teams with limited visibility into risky or anomalous access behavior often struggle to detect suspicious activity tied to misuse of valid credentials. While traditional monitoring tools can flag obvious violations, they may miss subtle indicators like a user accessing resources at unusual hours or downloading large volumes of data from systems they don’t normally use.
Without baselines, it becomes difficult to distinguish between legitimate activity and potential threats. Limited visibility into these behaviors delays detection and response, allowing attackers or insider threats to operate undetected for longer periods.
In other cases, shadow SaaS tools and unsanctioned access find employees turning to cloud-based tools and services like file-sharing apps or AI tools without going through IT procurement or security review. These tools may require account creation using corporate credentials or allow data to be moved outside managed environments. Without integration into identity governance systems or single sign-on platforms, these services operate outside the organization’s control
Even when authentication and provisioning tools are in place, policy enforcement can fall short due to inconsistent or unenforced access policies. For example, identity governance rules may be followed rigorously in corporate IT systems but loosely applied in cloud platforms or development environments, creating exploitable inconsistencies.
Third-party and service account access is also a growing concern. Vendors, contractors, and machine identities often require elevated or persistent access, yet these accounts are rarely monitored with the same rigor as internal users. In many cases, credentials for service accounts are shared or left unmanaged for long periods, creating hidden entry points for attackers.
We want to hear from you: as identity becomes a primary attack surface, what do you see as the single biggest challenge in effectively defending your organization?
Your input helps identify where obstacles remain and where technology leaders are concentrating efforts. Vote now and share your view.
