Enterprise security is facing a major challenge when it comes to identity protection. Rather than going after complex server or operating system vulnerabilities, the majority of security breaches are now occurring through low-tech methods of identity compromise, particularly through social engineering tactics.
Matt Caulfield, VP of product identity at Cisco, explains that social engineering has been a longstanding method used by attackers to gain access. By tricking individuals into giving up their account information, attackers can navigate through systems and access sensitive data.
One common tactic used by attackers is spearphishing, which has evolved with the help of AI. Attackers can now create target lists, identify close relatives of targets, and send convincing emails and texts at scale. This has increased the effectiveness of social engineering attacks, even for attackers with limited language skills.
Despite the rising awareness of identity-related breaches, there is still a disconnect between awareness and implementation in many organizations. Cisco Duo’s 2025 State of Identity Security report revealed that 51% of organizations have experienced financial losses due to identity breaches, yet 74% of IT leaders view identity security as an afterthought in their infrastructure planning.
Caulfield emphasizes the complexity of solving identity security issues, as it involves a combination of social, psychological, and technical aspects. While there are methods to prevent identity breaches, they often come with high costs and operational challenges.
To address these challenges, strong identity and access management (IAM) must be prioritized as the foundation of enterprise security. This approach is crucial as AI agents become more integrated into organizations, posing new security threats.
In the current landscape, trust is shifting from network-based systems to cryptographic identity authentication. This means that trust is established based on the user’s identity rather than their network or device. As a result, traditional methods of authentication such as second-factor and multi-factor authentication are no longer sufficient, as they can be vulnerable to hacking.
Phishing-resistant authentication is now considered the gold standard for security, as it significantly reduces the risk of identity-based attacks. However, the adoption of phishing-resistant MFA approaches has been limited due to complexity and cost barriers.
Identity security is increasingly being recognized as a critical investment, with many organizations increasing their budgets for identity security. However, security should not be treated as an add-on but as an essential enabler for workforce productivity and customer interactions.
Integrated tools that offer interoperability in multi-cloud environments can simplify security operations, reduce costs, and improve organizational efficiency. By consolidating identity vendors, organizations can streamline their security processes and enhance overall visibility.
Overall, phishing-resistant authentication is key to adopting an identity-first approach to security. By prioritizing identity management and security, organizations can enhance security, productivity, and IT efficiency.
For more insights on identity security trends and strategies, you can download Cisco Duo’s report, The 2025 State of Identity Security: Challenges and Strategies from IT and Security Leaders.
(Note: This article is a sponsored post and was produced in collaboration with Cisco. For more information on sponsored content, please contact sales@venturebeat.com.)
