Unit 42: Nearly Two-Thirds of Breaches Now Start with Identity Abuse

CyberScoop • February 17, 2026

Why It Matters

Identity‑centric weaknesses give attackers unfettered access, magnifying breach impact and financial loss. Strengthening credential hygiene and zero‑trust controls is now essential for enterprise resilience.

Key Takeaways

  • Identity abuse caused ~66% of initial intrusions.
  • Social engineering comprised one-third of 750 incidents.
  • Poor identity policies expanded breach blast radius.
  • Median ransomware payment rose 87% to $500k.
  • Attackers exfiltrate data in under one hour.

Pulse Analysis

Unit 42’s latest incident‑response report confirms that identity abuse now fuels roughly two‑thirds of all network intrusions. Of the 750 cases examined, social engineering alone accounted for a third, while compromised credentials, brute‑force attacks and lax identity policies filled the remainder. This shift reflects a broader industry reality: attackers increasingly target the human element and the digital identities that grant access to critical systems. As organizations adopt cloud services and SaaS applications, the number of exploitable identities multiplies, turning weak credentials into a universal backdoor.

Detecting identity-based abuse remains notoriously difficult because legitimate authentication generates massive telemetry, obscuring malicious misuse. Unit 42 notes that nearly 90% of incidents involved an identity element beyond initial access, highlighting how over-permissive policies and misconfigured integrations create a cascade of footholds. The rise of machine-generated identities and AI agents further widens the attack surface, while API keys and SaaS connectors become soft targets in the software supply chain. Without granular visibility, security teams struggle to separate the signal of an abnormal user action from the noise of everyday activity.

Enterprises must move beyond perimeter defenses toward a zero-trust, identity-centric model. Continuous credential hygiene, adaptive multi-factor authentication, and automated de-provisioning can shrink the blast radius once an account is compromised. Micro-segmentation of cloud workloads and strict API-access policies further limit lateral movement. Investing in behavior-analytics platforms that flag anomalous privileged actions gives defenders the early warning needed to disrupt attacks before data exfiltration. As ransomware payouts climb (median payments jumped 87% to $500k), effective identity governance is becoming the decisive factor between a contained incident and a costly breach.
