Cybercriminals No Longer “Break In” – They Simply Log In
In the past 18 months, boardrooms across the UK have seen cybersecurity jump to the top of their agendas as a string of major breaches exposed critical vulnerabilities in sectors ranging from retail and finance to automotive manufacturing. The most recent high-profile victim, Jaguar Land Rover, was forced to halt production for five weeks late in 2024 after a cyberattack disrupted its supply chain—and cost the UK economy an estimated £1.9 billion in lost output and mitigation expenses.
From Brute Force to Credential Abuse
According to Mark McClain, founder and CEO of identity security firm SailPoint, the nature of these attacks has shifted dramatically. “The bad guys don’t break in anymore, they log in,” he warns. Rather than hacking their way through firewalls, modern attackers are harvesting or purchasing legitimate credentials to move silently through networks, exploiting excessive permissions and evading detection for months on end.
- Attackers leverage stolen user names and passwords to access systems just like normal employees.
- Once inside, they escalate privileges or abuse service accounts, granting themselves broader access.
- This lateral movement allows them to steal data, install malware, or disrupt operations without triggering standard intrusion alarms.
Identity: The New Security Perimeter
McClain argues that identity security—managing who or what can access which resource—must become the central pillar of any defence strategy. Traditional tools like firewalls and antivirus software remain vital, but they cannot stop threats that originate from valid credentials. Today’s attackers frequently target both human and non-human identities, including:
- Bots and service accounts, which often have broad, unattended permissions.
- Contractors and seasonal workers, whose access rights may be forgotten after they leave.
- AI agents, semi-autonomous software that can adapt its behaviour and even test new attack vectors in real time.
Retail giants like Marks & Spencer and the Co-op have each suffered breaches linked to compromised credentials, while the National Cyber Security Centre reports that almost half of all nationally significant incidents involve advanced persistent threat actors using stolen or spoofed identities.
Adaptive Identity: A Defensive Framework
To counter these sophisticated threats, organisations are turning to an “adaptive identity” approach. This model dynamically adjusts access permissions based on context—device health, network location, time of day, and even user behaviour—revoking rights aggressively when they’re no longer needed.
- Just-in-time access: Grant employees or machines only the privileges required for a specific task, for a limited time.
- Continuous evaluation: Monitor sessions in real time, automatically triggering re-authentication or lockouts if anomalies appear.
- Zero trust architecture: Assume that every identity could be compromised and verify continuously, rather than trusting a login once validated.
When applied rigorously, adaptive identity can rapidly neutralise attacks that slip past traditional perimeter defences, making stolen credentials far less valuable to attackers.
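A minimal sketch of the adaptive identity decision described above, added here as an illustration and not SailPoint's or any vendor's implementation. The signal names, thresholds, working-hours window and the `svc-backup` session are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    """Just-in-time grant: one privilege for one identity, with an expiry."""
    identity: str
    privilege: str
    expires_at: datetime

@dataclass(frozen=True)
class Context:
    """Per-request signals; names and scales are assumptions for this sketch."""
    device_healthy: bool
    network: str          # "corporate" or "unknown"
    now: datetime
    anomaly_score: float  # 0.0 = normal behaviour, 1.0 = highly unusual

def evaluate(grant: Optional[Grant], identity: str, privilege: str, ctx: Context,
             work_hours=(7, 19), step_up_at=0.5, lockout_at=0.8) -> str:
    """Re-evaluated on every request, not once at login."""
    # Least privilege: no standing access, only the exact grant that was issued.
    if grant is None or grant.identity != identity or grant.privilege != privilege:
        return "deny"
    # Just-in-time: the grant is worthless after its window closes.
    if ctx.now >= grant.expires_at:
        return "deny"
    # Continuous evaluation: unhealthy device or strong anomaly locks the session.
    if not ctx.device_healthy or ctx.anomaly_score >= lockout_at:
        return "deny"
    # Weaker signals trigger re-authentication instead of a lockout.
    off_hours = not (work_hours[0] <= ctx.now.hour < work_hours[1])
    if ctx.network == "unknown" or off_hours or ctx.anomaly_score >= step_up_at:
        return "step_up"
    return "allow"

def demo() -> list:
    """Constructed session: a service account holding a 30-minute grant."""
    t0 = datetime(2025, 1, 6, 10, 0, tzinfo=timezone.utc)
    g = Grant("svc-backup", "db:read", t0 + timedelta(minutes=30))
    at = lambda m: t0 + timedelta(minutes=m)
    requests = [
        ("db:read",  Context(True, "corporate", at(5),  0.1)),  # normal use
        ("db:read",  Context(True, "unknown",   at(10), 0.1)),  # new network
        ("db:admin", Context(True, "corporate", at(12), 0.1)),  # privilege not granted
        ("db:read",  Context(True, "corporate", at(15), 0.9)),  # anomalous behaviour
        ("db:read",  Context(True, "corporate", at(45), 0.1)),  # grant expired
    ]
    return [evaluate(g, "svc-backup", p, c) for p, c in requests]
```

The same valid credential is accepted outright only once in this session: every other request is either challenged or refused on context alone.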
AI: Double-Edged Sword
As businesses race to capitalise on generative AI for productivity gains, McClain cautions that ungoverned adoption opens new vulnerabilities:
- Deepfakes and AI-powered social engineering campaigns grow more sophisticated, fooling even vigilant employees.
- Unregulated use of personal AI tools means shadow IT and data exfiltration risks multiply.
- According to the MIT State of AI in Business 2025 report, over 90 percent of employees use personal AI services, yet only 40 percent of firms have sanctioned the tools officially—and under 5 percent see meaningful returns on investment.
SailPoint’s “industry-first” identity controls for AI agents focus on behavioral monitoring, policy enforcement, and end-to-end audit trails—ensuring that new AI deployments accelerate business outcomes without introducing hidden attack surfaces.
Regulatory Pressure and Boardroom Oversight
High-profile cyber incidents have driven a seismic shift in corporate governance. More companies are recruiting Chief Information Security Officers or cybersecurity experts onto their boards, treating cyber risk with the same gravity as financial or operational exposures. Leaders now ask:
- “Where are we exposed today, and what safeguards do we have in place?”
- “How quickly could we detect and respond to a credential-based breach?”
On the national stage, the UK government’s cyber resilience initiatives—from mandatory 24-hour breach reporting under the proposed Cyber Resilience Bill to plans for a “Brit Card” digital ID system—underscore the need for robust, distributed identity controls rather than a single central authority.
Balancing Innovation with Security
As the wave of AI adoption, complex identity landscapes, and rising regulatory demands converges, organisations must strike a delicate balance. Rapid roll-out of AI tools offers competitive advantage—but without precise, contextual identity governance, such deployments risk becoming the very vectors attackers exploit.
- Invest in adaptive identity solutions that continuously verify every login, session, and API call.
- Audit non-human identities—bots, service accounts, AI agents—to ensure they run with the least privilege.
- Embed cybersecurity expertise at board level, driving strategic investment in identity-centric defenses.
In a world where “the bad guys don’t break in,” identity is your first and most critical battlement.
