Understanding Identity Attacks
Professional Security Magazine, Monday, March 16th, 2026
Identity attacks could never be described as novel or new cyber crime techniques. They have been around for years, yet they remain the biggest threat organisations face. Over the last year, security teams have faced an increase in attacks targeting corporate identities, and if defences are not prioritised, these attacks are likely to result in full-scale compromises with devastating impacts.
If a criminal wanted to break into a house using the most discreet route possible, they would focus on stealing the homeowner's keys. The keys would grant clean, straightforward entry. There would be no broken windows, no
forced doors, no unwanted attention. The access would be simple. Identity attacks operate in the same way, but instead of stealing keys, criminals steal credentials.
By compromising an employee's username and password, an attacker is granted network access, bypassing security controls and often offering them privileged access to highly sensitive data. Because this entry appears legitimate, there are often no alarms to alert security teams to a potential threat.