+44 (0) 1242 652100

Insights

Back to all posts

Identity Security Beyond Passwords: addressing the modern attack surface
  • Posted in Blog Posts

Identity has become one of the primary targets in modern cyber-attacks.

Rather than exploiting software vulnerabilities or deploying malware, attackers increasingly focus on gaining access to legitimate user accounts. Once authenticated, they can operate within systems using valid credentials, potentially avoiding detection if they can blend into ordinary user traffic.

This shift has significant implications for how businesses approach cyber security.

Why just passwords are no longer sufficient

Passwords alone have long been recognised as a weak form of authentication. Common issues include:

  • Password reuse across systems
  • Weak or predictable passwords
  • Exposure through phishing or data breaches

Whilst it is true that multi-factor authentication (MFA) has improved security, it is not a complete solution.

And in the wild, we are now seeing the adversaries make use of various techniques designed to bypass or undermine MFA, including:

  • Social engineering to obtain authentication codes
  • MFA fatigue attacks that prompt users repeatedly until access is granted
  • Token theft and session hijacking

These techniques allow adversaries to gain access without needing to compromise systems at a technical level.

Identity as the new perimeter

As businesses adopt cloud services, remote working and SaaS platforms, traditional network boundaries have become a secondary target, not just the primary one.

Access to systems is now primarily controlled through identity platforms such as single sign-on (SSO) and directory services.

This makes identity infrastructure a critical component of organisational security.

If attackers gain access to a privileged account, they may be able to:

  • Access multiple systems through SSO
  • Escalate privileges within cloud environments
  • Extract sensitive data
  • Create persistent access through additional accounts or tokens

The challenge of detecting identity-based attacks

Identity attacks are often difficult to detect because they use legitimate credentials.

Activity such as logging in, accessing files or using applications may appear normal, even when performed by an adversary.

This requires businesses to move beyond simple authentication controls and focus on behavioural monitoring and anomaly detection.

Indicators of potential compromise may include:

  • Impossible travel (Logins from two locations at similar times)
  • Rapid privilege escalation
  • Abnormal data access patterns

Strengthening identity security – How to fix it?!

To address these risks, businesses should take a layered approach to identity security.

Key measures include:

  • Enforcing strong MFA across all critical systems. (With Pin Requirement.)
  • Implementing least privilege access controls
  • Regularly reviewing and removing unnecessary access
  • Training for users around social engineering and adversarial behaviour.
  • Monitoring authentication and access behaviour
  • Securing identity infrastructure and configuration

Security testing can also help identify weaknesses in authentication systems and access controls.

The role of testing and simulation

Penetration testing and Red Teaming exercises are particularly valuable for assessing identity security.

These engagements simulate real-world attack techniques, including:

  • Credential harvesting
  • Privilege escalation
  • Lateral movement using compromised accounts

By testing identity controls in practice, businesses can identify gaps that may not be visible through policy or configuration reviews alone.

Identity security as a core capability

As adversaries continue to prioritise identity-based attacks, businesses must treat identity security as a core component of their cyber security strategy.

Protecting identities is no longer just an IT function. It is fundamental to protecting data, systems and business operations.

Prism Infosec provides penetration testing and red team services that simulate real-world identity-based attack techniques.

These assessments help businesses identify weaknesses in authentication systems, access controls and identity infrastructure before they can be exploited.

If your organisation is looking to strengthen its identity security posture, Prism Infosec can provide practical insight into where your defences may be vulnerable.

Learn more about Prism Infosec’s penetration testing services: here

About the author

GC Headshot Final
George Chapman
George Chapman is a Senior Security Consultant with a background spanning red teaming, incident response, penetration testing, and vulnerability research. His work bridges offensive and defensive disciplines, enabling him to deliver robust security evaluations and strategic guidance that help organisations identify weaknesses and improve their overall cyber maturity.
Linkedin-in

Back to all posts

Insights

Browse more insights

Strategic Cyber Incident Exercises
  • Blog Posts
Strategic Cyber Incident Exercises: Preparing Leadership for the Moments That Matter
Pen test vs GRC
  • Blog Posts
Penetration Testing vs GRC: Why Organisations Need Both to Manage Modern Cyber Risk
Smart devices
  • Blog Posts
When Smart Devices Become Security Risks: From Robot Hoovers to Connected Fridges
Supply Chain
  • Blog Posts
Software Supply Chain Attacks Are Increasing: What Organisations Should Do Now
From Vulnerability Discovery to Effective Remediation
  • Blog Posts
From Vulnerability Discovery to Effective Remediation
Vuln update
  • Security Vulnerability Update
Exploitation of BeyondTrust Remote Support and Privileged Remote Access (CVE-2026-1731)
Ransomware in 2026
  • Blog Posts
Ransomware in 2026: Why Extortion Tactics Are Evolving
Telnet vuln
  • Blog Posts, Security Vulnerability Update
CVE-2026-24061: Critical Telnet Vulnerability Highlights the Ongoing Risk of Legacy Protocols
Exploiting Mobile Apps
  • Blog Posts
Exploiting Mobile Apps Using Frida
Back to all news
the-cyber-scheme
pci
Crest
cbest
CHECK Penetration Testing (Dark Logo)
Cyber Incident Exercising
Cyber Incident Response Standard Level logo

Experiencing a security breach?
Contact the cyber security experts now

Prepare

Respond

Manage

About us
LuxisAI
Case studies
Sectors
Insights
Careers
Get in touch