Identity compromise emerges as top cyberattack route
Cohesity executive Brett Chase has warned that identity compromise has become the dominant entry point in cyberattacks against Australian organisations. Supply chain consultant Alan Win says identity management is also playing a larger role in day-to-day operations across partner networks.
These comments come ahead of Identity Management Day and highlight how weaknesses in identity systems now sit at the centre of both cyber risk and operational resilience. Both point to the growing impact on revenue, customer trust, and the smooth running of supply chains.
Brett Chase, Director of Sales Engineering, APJ at Cohesity, described identity as the central battleground in modern cyber incidents. He linked the sharp rise in materially significant cyber events in Australia to basic failures in how organisations govern and secure identity systems.
"Identity is at the core of today's cyber threat landscape. Nine out of ten cyberattacks now start with identity through compromised credentials or misused identities. In Australia, the rise of materially significant cyber incidents makes it clear that weak or inconsistent identity management practices remain a major but preventable root cause," Chase said.
He argued that many organisations still view identity management through a human-only lens. Focusing on employees, role-based permissions, and access to applications and data no longer reflects how digital environments operate.
"Historically, identity management has been viewed through a narrow, human-centric lens, focused on employee access controls, enforcing role-based permissions, and ensuring workers have the right level of access to applications and data. But that view is now outdated."
Attackers are increasingly using social engineering and credential abuse to gain initial access. Common methods include phishing, password spraying, multi-factor authentication fatigue, and credential-stealing malware.
"The reality is that this no longer reflects today's digital environments. When identity controls are weak, attackers exploit the gaps using social engineering, credential theft, and technical exploits. Techniques such as phishing, password spraying, MFA fatigue, or credential-stealing malware allow attackers to gain an initial foothold. Once inside, they impersonate legitimate users, escalate privileges, and move laterally across networks, often undetected, to gain access to critical systems and data," Chase said.
He also highlighted the rise of non-human identities as organisations adopt generative AI, automation, and agentic systems. These identities include scripts, workloads, and AI agents that interact with data at speed and scale.
"The rapid adoption of generative AI, automation, and emerging agentic systems has also increased the prevalence of non-human identities such as scripts, workloads, and AI agents that can access and act on data at speed. Without proper governance and controls, these non-human identities can become an unmonitored pathway for attackers."
"When identity systems are compromised, the consequences extend far beyond IT. Cohesity's latest Cyber Resiliency Report revealed that 85% of enterprise businesses in Australia experienced a materially impactful cyberattack in the past year, and the consequences were immediate and measurable: 90% suffered revenue loss, more than 30% lost more than 10% of revenue."
"Furthermore, 41% of organisations lost customers and more than half faced lawsuits or class-action litigation, highlighting the real business consequences when trusted data is exposed. To stay ahead, organisations must take an identity-first approach to resilience - one that brings together identity management and identity resilience. Identity management supports the day-to-day identity and access operations, such as provisioning, authentication, authorisation, and lifecycle tasks, while identity resilience focuses on protecting, securing, recovering and performing forensics on identity systems," he said.
That approach places identity repositories such as Active Directory and Microsoft Entra ID in a special protection tier. These assets require continuous monitoring and the ability to be quickly restored to a clean state after an incident, according to Chase.
"This means treating critical platforms like Active Directory and Entra ID as Tier 0 assets, ensuring they are not only well-managed, but actively protected and continuously monitored. Just as importantly, organisations need the ability to rapidly recover trusted identity systems and investigate incidents, so they can remove attacker access and restore operations with confidence. Because in today's threat landscape, identity is not only the point of entry, it's how attackers persist. True resilience comes from being able to both defend it and take it back."
While Chase focused on cyber risk, Alan Win, founder and chief executive officer at Middlebank Consulting Group, linked identity management to supply chain performance.
"Identity management is playing a bigger role in supply chains, though many organisations still treat it as a compliance checkbox. In practice, unclear access or limited visibility can create knock-on effects across partners and processes. Companies that use identity management day to day often notice practical improvements. Onboarding runs smoother, errors are caught earlier, and oversight becomes more tangible. Digital credentials and traceable interactions help, but they are only part of the story. Human judgment and constant attention remain critical. When identity management is treated as both a safeguard and an operational tool, supply chains become easier to manage and less prone to unexpected disruption," Win said.