Nick Walker, Regional Director, EMEA at NetSPI, in an article published in SC Magazine, warns that identity compromise, not exotic malware, remains the most dangerous weakness in enterprise cybersecurity. Read the preview below or view it online.

+ + + 

The front door is wide open.

Regarding “Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw” (NetSPI, August 2025): The majority of today’s most damaging breaches start not with technical wizardry, but with stolen or misused credentials. Abuse of valid accounts is now tied with phishing as the leading initial attack vector, accounting for 30% of incidents. Once inside, attackers using genuine logins can move unnoticed, blending into normal workflows and evading traditional detection tools.

This threat is no longer confined to IT systems. Recent deepfake-driven recruitment scams have seen operatives secure remote developer roles under entirely fabricated identities, complete with AI-generated video overlays. Such impostors can operate for weeks without triggering alarms, conducting malicious activity under the guise of routine business.

Walker argues that countering this requires an identity-first defence built on strong, phishing-resistant multifactor authentication, least-privilege access policies, and AI-driven User and Entity Behaviour Analytics (UEBA) to detect subtle deviations from normal activity. Organisations must also treat identity alerts with urgency, automating password resets, token revocations, and verification prompts to contain breaches quickly. The shift is as much cultural as technological, but by modelling and monitoring behaviour, defenders can turn trust in valid credentials from a liability into a clear warning signal.
