This article is part of VentureBeat’s special issue, “The cyber resilience playbook: Navigating the new era of threats.” Read more from this special issue here.
Deepfakes, or AI-driven deception and weaponized large language models (LLMs) aren’t just cyber threats; they’re the new weapons of mass exploitation. Adversaries aren’t just hacking systems anymore; they’re hacking people and their identities.
Impersonating executives, bypassing security with stolen credentials and manipulating trust at scale are all redefining the new threatscape. It’s an all-out cyberwar with identities hanging in the balance. AI and generative AI are giving adversaries an edge in how quickly they can fine-tune and improve their tradecraft.
The result: Massive breaches and ransomware demands that are setting new records and fueling double extortion demands.
CrowdStrike’s 2024 Global Threat Report highlights this concern, revealing that 60% of intrusions now involve valid credentials, revealing the growing threat of identity-based attacks. Jeetu Patel, Cisco’s EVP and CPO, describes the fundamental problem enterprises face: “The attacks are getting very coordinated, but the defenses are very isolated. That dissonance is not a healthy distance to have.”
Shlomo Kramer, cofounder and CEO of Cato Networks, echoed that view: “The era of cobbled-together security solutions is over.” Cato’s rapid growth underscores how businesses are moving to unified, cloud-based security to eliminate these gaps.
Adversaries ranging from rogue attackers to nation-state cyberwar units are prioritizing the exfiltration of identities at scale and profiting from them for financial and political gain (sometimes both).
It’s on security leaders and their teams to shift their security postures to adapt and stop identity-driven attacks, beginning with continuous authentication, least privilege access and real-time threat detection. VentureBeat research has revealed that organizations are doubling down on zero-trust frameworks and its core concepts to thwart identity-driven attacks.
The high cost of identities are under siege
Deloitte’s Center for Financial Services predicts that gen AI could drive fraud losses in the U.S. to $40 billion by 2027, up from $12.3 billion in 2023. This projection underscores the escalating threat posed by deepfake technology and other AI-driven fraud mechanisms.
In 2024, deepfake fraud attempts occurred at a rate of one every 5 minutes, contributing to a 244% surge in digital document forgeries. In addition, 49% of businesses globally reported incidents of deepfake fraud in 2024.
Gartner warns of growing blind spots: “Scope expansion and increasingly distributed IT environments are leading to identity access management (IAM) coverage gaps.”
Deepfakes typify the cutting edge of adversarial AI attacks, seeing a 3,000% increase last year alone.
A recent survey by Deloitte found that 25.9% of organizations experienced one or more deepfake incidents targeting financial and accounting data in the 12 months prior.
Enterprise leaders don’t fear brute force attacks as much as identity breaches no one sees coming. The most lethal thing about an identity-based attack is the element of surprise. Adversaries often lurk on networks for months, installing ransomware and exfiltrating thousands of identities before launching double extortion attacks and holding identities hostage.
Zero trust or zero chance: Why IAM must evolve now to counter cyber threats
The traditional perimeter-based security model is a liability. In today’s world of mechanized and machine-speed attacks orchestrated with weaponized AI, any organization relying purely on perimeter-based systems is at an immediate disadvantage.
With relentless cyberattacks aimed at breaking endpoints and seizing control of identities first — then entire networks — trust is a vulnerability no one can afford. Assuming trust between endpoints or across networks leaves too many gaps that adversaries are identifying with improved reconnaissance tradecraft.
The only viable defense against identity attacks is zero trust, a framework built on continuous verification, least privilege access and the assumption that a breach has already happened. For a blueprint, refer to the National Institute of Standards and Technology’s (NIST) zero trust architecture. It is one of the most-used documents by organizations planning and implementing zero trust frameworks, deployment models and use cases to harden enterprise security.
Zero trust delivers an entirely new perspective and approach to securing organizations. Enterprises are encouraged to operate from the mindset of how they’d react if they’d already been breached.
Segmenting endpoints and systems, ensuring least privilege access on every identity and their many credentials and constantly monitoring every request for services or access and tracking those to identify anomalous activity is key. Simply assuming trust across a network — or worse, on endpoints — is an open invitation to a breach that can go unnoticed for months or years.
By enforcing least privilege, an identity can only use a resource (whether data source, application or network) for a specific period. As Patel explained: “Security is a data game. If you just aggregate telemetry, you don’t get the resolution of security you need.”
Every IAM vendor today has AI-driven anomaly detection that automates the identification of credential misuse and privilege escalation before an attacker moves laterally. Many are also pursuing machine identity management, as they now outnumber human identities by a factor of 45 times — the typical enterprise reports having 250,000 machine identities.
Patel observed: “You cannot deal with these attacks at human scale anymore. You have to deal with them at machine scale.” That focus is reflected in vendors’ product roadmaps. In 2024 alone, Cato Networks expanded its secure access service edge (SASE) cloud platform with extended detection and response (XDR), endpoint protection platform (EPP), digital experience monitoring (DEM) and IoT/OT security to address the proliferation of non-human identities across global operations.
Gartner highlights a shifting strategy: “IAM is evolving as enterprises recognize that point solutions are failing. Security leaders are now looking toward integrated security platforms that provide identity-first defenses across hybrid and multicloud environments.”
To support this point, Cato Networks reported 46% ARR growth in 2024 to surpass $250 million. The company credits this surge to enterprises seeking a single cloud-based platform rather than stitching together multiple-point solutions. More than 3,000 businesses are adopting Cato SASE, signaling a clear shift to integrated, cloud-based security. This kind of broad adoption illustrates that zero-trust-enabled solutions have quickly become a mainstream defense strategy.
Gartner’s Market Guide for Identity Governance and Administration (IGA) highlights key vendors leading this transition:
- IGA: SailPoint, Saviynt, Omada;
- Privileged access management (PAM): CyberArk, Delinea, BeyondTrust;
- Access management: Okta, Ping Identity, ForgeRock;
- Identity threat detection and response (ITDR): CrowdStrike, Cisco, Zscaler, SentinelOne;
- Machine identity management: Venafi, Keyfactor, AWS, HashiCorp.
Patel told VentureBeat that he predicts massive consolidation in the market. “There won’t be 3,500 security vendors in the future. There will be a handful of platforms that truly integrate security across domains.”
For CISOs, this means selecting adaptive platforms that unify IAM, ITDR and zero-trust principles, rather than managing disconnected tools that create silos. The vendors that dominate will be those that seamlessly integrate identity security, threat detection and AI-powered automation into a single system of intelligence.
Cyber-resilience begins with identity — act now or fall behind
There’s a cyberwar waging, and identities hang in the balance. Adversaries ranging from nation-state cyber war units to ransomware gangs delivering AI-powered automated attacks are setting a swift pace.
Hackers are moving at machine speed, exploiting identity gaps and weaponizing trust to infiltrate organizations before security teams can react.
The data is clear: 60% of breaches now involve valid credentials; deepfake fraud attempts occur every five minutes; and identity-based attacks lurk unseen for months before detonating into double-extortion ransom demands. Meanwhile, traditional security models reliant on perimeter defenses and isolated IAM tools are failing — leaving enterprises exposed to sophisticated, AI-driven threats.
The choice is stark: Zero trust or zero chance.
The post Identity is the breaking point — get it right or zero trust fails appeared first on Venture Beat.
