What's Happening?
Palo Alto Networks' threat intelligence firm, Unit 42, has released its annual incident response report, revealing that identity-based techniques were responsible for nearly two-thirds of all initial network intrusions last year. The report highlights that social engineering was the most common attack method, accounting for one-third of the 750 incidents Unit 42 responded to in the year ending September 2025. Attackers often bypassed security controls using compromised credentials, brute-force attacks, and overly permissive identity policies. The report underscores the significant role identity abuse plays in cyberattacks, with identity-related elements involved in nearly 90% of incidents. Poor security controls and misconfigurations across interconnected systems are cited as major contributors to this issue.
Why It's Important?
The findings of the Unit 42 report underscore the critical need for improved identity management and security practices within organizations. As identity abuse becomes a primary vector for cyberattacks, businesses face increased risks of data breaches and financial losses. The report indicates that financially motivated attacks were prevalent, with median payments in such incidents rising by 87% to $500,000 last year. The rapid pace at which attackers can exfiltrate data, often within two days, further emphasizes the urgency for robust security measures. Organizations, particularly those with legacy systems, must address these vulnerabilities to protect sensitive information and maintain operational integrity.
What's Next?
Organizations are likely to face increased pressure to enhance their identity management systems and security protocols. This may involve adopting more sophisticated detection mechanisms to identify unauthorized activities, even when they occur under the guise of legitimate access. As the attack surface continues to expand with the rise of machine-based identities and AI agents, companies will need to invest in comprehensive security solutions that address both human and machine identities. Additionally, there may be a push for regulatory measures to ensure that businesses implement adequate security controls to mitigate the risks associated with identity abuse.
Beyond the Headlines
The report highlights a broader issue within cybersecurity: the challenge of detecting malicious activities amidst legitimate operations. As organizations grow and integrate more complex systems, the difficulty of identifying and responding to identity-based threats increases. This situation calls for a paradigm shift in how cybersecurity is approached, moving from siloed defenses to a more holistic view of the attack chain. The findings also suggest a need for greater collaboration between businesses and cybersecurity experts to develop strategies that can effectively counteract the evolving tactics of cybercriminals.









