Identity is the new cyber battleground

A lot of cyberattacks now start with a valid username and password, not a smashed firewall. PwC said in its March 24, 2026 threat report that resilience now depends on governing identity fast and validating trust continuously. (pwc.com) That shift changes the picture from “someone broke in through a window” to “someone walked in with a copied badge.” PwC’s framing is that identity, not the network edge, is becoming the main place where attackers and defenders meet. (pwc.com) The reason is simple: stolen access is quieter than malware. A criminal using a real employee account can look like ordinary traffic until they touch payroll systems, customer records, or cloud admin tools. (techinformed.com) Verizon’s 2025 Data Breach Investigations Report found credential abuse in 22% of breaches, making it the top initial access path, just ahead of vulnerability exploitation at 20%. Verizon analyzed more than 22,000 incidents and 12,195 confirmed breaches for that report. (verizon.com) Microsoft saw the same pattern getting bigger, not smaller. In the first half of 2025, identity-based attacks rose 32%, and more than 97% of them were large-scale password attacks such as password spraying, where attackers try a few common passwords across many accounts. (microsoft.com) Artificial intelligence makes that playbook faster. PwC said attackers are using artificial intelligence for reconnaissance, phishing, and malware development, which means they can find targets, write convincing messages, and test access paths at much higher speed. (securityweek.com) That is why the old perimeter model keeps slipping. If staff log in from home networks, contractors use cloud dashboards, and software talks to other software through application keys, the “inside” of a company is no longer one office behind one gate. (pwc.com) The security controls getting more attention are the boring ones tied to identity. That means tighter sign-in rules, stronger multi-factor authentication, shorter-lived admin privileges, and systems that flag a login from the wrong country, device, or hour. (microsoft.com) Third parties make the problem wider. Verizon said third-party involvement in breaches doubled to 30%, which means a supplier’s account, support login, or connected tool can become the easiest route into a larger company. (verizon.com) PwC also split the risk by industry, which shows why identity is not one abstract problem. Financial services faces credential theft and business email compromise, retail faces attacks aimed at customer data, and healthcare still faces ransomware that can disrupt care. (techinformed.com) So the budget fight inside companies is likely to move away from buying one more wall and toward checking who is asking for the keys. In an era of artificial intelligence-assisted phishing and mass password attacks, the safest account is no longer the one behind the strongest perimeter, but the one that is hardest to impersonate. (pwc.com)