Identity: The Unseen Frontline of Modern Cyber Warfare

In May 2021, long lines formed at gas stations across the US Southeast, with the panic caused not by a natural disaster, but by the shutdown of the Colonial Pipeline.
The entry point for the hackers was shockingly simple. Testifying before the US Senate, then-Colonial Pipeline CEO Joseph Blount confirmed the hackers gained entry via a single legacy VPN account that lacked basic, modern security. “In the case of this particular legacy VPN, it only had single-factor authentication,” he told senators. One password, without a second check, led to a declared state of emergency.
This is the new cybersecurity frontline. While many imagine cyber warfare as complex code breaking, the reality is often simpler and more devastating. Cisco’s 2025 State of Identity Security report confirms that identity is now the primary battleground: just 33% of IT leaders trust their current security infrastructure to prevent an identity-based attack.
The collapsed perimeter and the zero trust mandate
The concept of a secure corporate network perimeter is an illusion. With cloud infrastructure, countless SaaS applications and a global remote workforce, the network edge is everywhere and nowhere. As Matt Caulfield, Cisco’s VP of Identity & Duo, notes from the report: “94% of leaders believe that complexity in identity infrastructure decreases their overall security.”
The necessary response is a radical shift in security philosophy. “The days of organisations having the luxury of a ‘trust but verify’ approach are over,” comments Jeetu Patel, formerly Executive Vice President and General Manager of Security and Collaboration and now President and Chief Product Officer at Cisco. “In today’s complex and hyper-distributed world, organisations must ‘never trust and always verify,’ taking a Zero Trust approach to security.”
The SolarWinds attack serves as a stark blueprint for this failure of trust. Nation-state actors compromised the software build process of SolarWinds’ Orion platform by embedding malicious code into legitimate software updates, gaining trusted access to the networks of up to 18,000 customers, including US government agencies. The attack’s brilliance was in its subversion of identity and trust: turning a verified software update into a master key.
Lapsus$: The human element as an attack vector
While nation-states exploit software supply chains, financially motivated groups like Lapsus$ exploit the human supply chain. In 2022, the group successfully breached identity management giant Okta. Their method was not a complex technical exploit, but a simple, effective compromise of a third-party contractor's account.
This highlights the acute risk of the extended enterprise, a concern echoed by the 86% of leaders who worry about inadequate security controls for contractors and third parties, according to Cisco’s research. The statistics on failure are damning, with the report finding that weak or missing Multi-Factor Authentication (MFA) accounts for 36% of all identity breaches.
Furthermore, attackers are now augmenting these human-centric attacks with technology. Matt points out that “44% of leaders consider AI-driven phishing one of the top identity threats for 2025,” turning social engineering into a highly scalable, automated weapon.
The strategy implementation gap
While the industry has a clear roadmap for strengthening identity security, the Cisco report reveals significant gaps between strategy and execution. Foundational tools for Identity Governance and Administration (IGA) are becoming standard, yet the deployment of broader Identity Security Posture Management (ISPM) solutions remains limited, with only 32% of IT teams having implemented them.
This gap is most evident in the push for stronger authentication. There is a clear industry trajectory towards a passwordless future, which leaders like Microsoft CEO Satya Nadella describe as moving “to a fundamentally more secure foundation.” However, the reality on the ground is different. Adoption of the current gold standard, phishing-resistant FIDO2 hardware tokens, remains critically low at just 19% of companies, with leaders citing token management complexity and cost as major barriers.
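The paragraph above calls FIDO2 tokens “phishing-resistant” without saying why. The added example below (not from the article, Cisco’s report or any FIDO2 library) shows the property in miniature: the authenticator signs over the origin the browser actually saw and a hash of the relying party ID, and the server checks both against its own values, so an assertion produced on a look-alike page is rejected, as is a replay with a stale challenge. To stay dependency-free it uses HMAC-SHA256 as a stand-in for the credential’s asymmetric signature; the origins and key are constructed, and the binding checks follow the order WebAuthn specifies.

```python
"""
Added illustration (not from the article or Cisco's report): why a
FIDO2/WebAuthn assertion from a look-alike phishing page is useless
against the real relying party (RP).

The authenticator signs over two values the RP checks:
  * rpIdHash       = SHA-256 of the RP ID the browser derived from the page origin
  * clientDataJSON = the origin the browser saw plus the RP's fresh challenge
HMAC-SHA256 with a shared constructed key stands in for the credential's
private/public key pair; the binding logic is what matters here.
"""
import hashlib
import hmac
import json
import os
from typing import Dict, Tuple
from urllib.parse import urlparse

# Constructed stand-in for the credential key (assumption: toy symmetric key).
CREDENTIAL_KEY = b"constructed-credential-key"

REAL_ORIGIN = "https://login.example.com"            # constructed
LOOKALIKE_ORIGIN = "https://login.example-com.test"  # constructed look-alike


def authenticator_sign(origin: str, challenge: bytes) -> Dict[str, bytes]:
    """Simulates browser + authenticator. The browser, not the page, supplies
    the origin and RP ID, so a look-alike host yields a different rpIdHash."""
    rp_id = urlparse(origin).hostname or ""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": origin},
        sort_keys=True,
    ).encode()
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    # WebAuthn signs authenticatorData || SHA-256(clientDataJSON)
    to_sign = rp_id_hash + hashlib.sha256(client_data).digest()
    return {
        "rp_id_hash": rp_id_hash,
        "client_data": client_data,
        "signature": hmac.new(CREDENTIAL_KEY, to_sign, hashlib.sha256).digest(),
    }


def relying_party_verify(assertion: Dict[str, bytes], expected_origin: str,
                         challenge: bytes) -> Tuple[bool, str]:
    """RP-side checks: ceremony type, origin, challenge, rpIdHash, signature."""
    client = json.loads(assertion["client_data"])
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client.get("origin") != expected_origin:
        return False, "origin mismatch: %s" % client.get("origin")
    if client.get("challenge") != challenge.hex():
        return False, "challenge mismatch (stale or replayed)"
    expected_rp_hash = hashlib.sha256(
        (urlparse(expected_origin).hostname or "").encode()).digest()
    if not hmac.compare_digest(assertion["rp_id_hash"], expected_rp_hash):
        return False, "rpIdHash mismatch"
    to_sign = assertion["rp_id_hash"] + hashlib.sha256(assertion["client_data"]).digest()
    expected_sig = hmac.new(CREDENTIAL_KEY, to_sign, hashlib.sha256).digest()
    if not hmac.compare_digest(assertion["signature"], expected_sig):
        return False, "bad signature"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Three scenarios: a genuine login, an assertion produced on a look-alike
    page with the real site's challenge relayed to it, and a replayed assertion."""
    challenge = os.urandom(32)
    genuine = authenticator_sign(REAL_ORIGIN, challenge)
    phished = authenticator_sign(LOOKALIKE_ORIGIN, challenge)
    return {
        "genuine": relying_party_verify(genuine, REAL_ORIGIN, challenge),
        "phished": relying_party_verify(phished, REAL_ORIGIN, challenge),
        "replayed": relying_party_verify(genuine, REAL_ORIGIN, os.urandom(32)),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print("%-9s accepted=%s (%s)" % (name, ok, why))
```

The defender’s takeaway is that the user cannot be talked into producing a valid assertion for the wrong site: the origin is filled in by the browser, and a real deployment scopes the credential to the RP ID as well, so the look-alike page would not even find a credential to use.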
Similarly, while 87% of leaders consider Identity Threat Detection and Response (ITDR) to be crucial, its effectiveness is often undermined by poor data integration. The report found that only 52% of organisations have fully integrated their identity and device data streams, hindering the real-time visibility needed for an effective response. The root of these issues is often a reactive culture; a significant 74% of IT leaders acknowledged that identity security is typically implemented following a security breach or to meet compliance mandates, rather than as a proactive strategy.
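The report’s point about integrating identity and device data streams, and the article’s earlier examples of a single-factor legacy VPN account and a compromised contractor account, can be made concrete with a small correlation. The following is an added example, not code from the article or from Cisco or Duo: it joins a constructed authentication log (the identity stream) with a constructed device inventory (the device stream), flags single-factor access and access from unenrolled or unpatched endpoints, and reports how much of the identity stream the device data could actually be joined to. The log format, field names, rule names and severities are assumptions for the illustration.

```python
"""
Added example (not from the article or Cisco's report): an ITDR-style join of
an identity stream (authentication events) with a device stream (endpoint
inventory). Field names, rules and all sample records are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed device inventory: device_id -> posture attributes.
# dev-003 is deliberately absent: that endpoint was never enrolled.
DEVICE_INVENTORY: Dict[str, dict] = {
    "dev-001": {"managed": True, "os_patched": True},
    "dev-002": {"managed": True, "os_patched": False},
}

# Constructed authentication events, one key=value record per line.
AUTH_LOG = """\
ts=2025-01-10T08:01:12Z user=alice app=vpn-legacy mfa=none device=dev-001 result=success account_type=employee
ts=2025-01-10T08:02:45Z user=bob app=sso mfa=push device=dev-002 result=success account_type=employee
ts=2025-01-10T08:05:03Z user=vendor-7 app=sso mfa=push device=dev-003 result=success account_type=contractor
ts=2025-01-10T08:06:30Z user=carol app=sso mfa=fido2 device=dev-001 result=success account_type=employee
ts=2025-01-10T08:07:11Z user=dave app=vpn-legacy mfa=none device=dev-003 result=failure account_type=employee
"""


@dataclass
class Finding:
    user: str
    app: str
    rule: str
    severity: str


def parse_event(line: str) -> Dict[str, str]:
    """Split a 'k=v k=v ...' record into a dict (values contain no spaces)."""
    return dict(kv.split("=", 1) for kv in line.split())


def successful_events(auth_log: str) -> List[Dict[str, str]]:
    """Only granted access matters for this view; failures are a separate signal."""
    events = (parse_event(l) for l in auth_log.splitlines() if l.strip())
    return [ev for ev in events if ev.get("result") == "success"]


def correlate(auth_log: str, inventory: Dict[str, dict]) -> List[Finding]:
    """Join each successful login to its device record and apply three rules:
    single-factor access, access from an unenrolled device (worse for
    third-party accounts), and access from an unpatched managed device."""
    findings: List[Finding] = []
    for ev in successful_events(auth_log):
        user, app = ev["user"], ev["app"]
        if ev.get("mfa", "none") == "none":
            findings.append(Finding(user, app, "single-factor-access", "high"))
        device = inventory.get(ev.get("device", ""))
        if device is None:
            sev = "high" if ev.get("account_type") == "contractor" else "medium"
            findings.append(Finding(user, app, "unenrolled-device", sev))
        elif not device.get("os_patched", False):
            findings.append(Finding(user, app, "unpatched-device", "low"))
    return findings


def device_coverage(auth_log: str, inventory: Dict[str, dict]) -> float:
    """Fraction of successful logins whose device could be resolved in the
    inventory: a direct measure of how well the two streams are integrated."""
    events = successful_events(auth_log)
    if not events:
        return 0.0
    resolved = sum(1 for ev in events if ev.get("device") in inventory)
    return resolved / len(events)


if __name__ == "__main__":
    for f in correlate(AUTH_LOG, DEVICE_INVENTORY):
        print("%-6s %-9s %-22s %s" % (f.severity, f.user, f.rule, f.app))
    print("device coverage: %.0f%%" % (100 * device_coverage(AUTH_LOG, DEVICE_INVENTORY)))
```

On the constructed input the legacy VPN login with no second factor and the contractor’s login from an unenrolled device both surface as high-severity findings, and the coverage figure shows that one in four granted logins could not be joined to any device record, which is exactly the visibility gap the report describes.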
As Matt concludes, this mindset is no longer viable: “At Duo, we know that managing who accesses what, from where and on which device is not just a daily challenge – it’s a strategic imperative.”

