Identity Is the New Front Line How CISOs Build Identity Resilience with ITDR Webinar

Educational institutions remain high-value targets due to the volume of personal, financial, and research data they hold, combined with fragmented, decentralised IT environments. Despite increased investment, around 65% still face critical security gaps, with ransomware and phishing as dominant entry points. The takeaway is simple: without addressing legacy infrastructure and visibility gaps, investment alone won’t reduce risk.

Identity is no longer just user accounts, it includes devices, applications, services, and third-party access, all acting as gateways to critical systems and data. As organisations move to cloud and hybrid environments, identity has effectively replaced the traditional perimeter. This makes identity the most valuable and targeted control point, because valid access often bypasses traditional security layers entirely.

Attackers are increasingly using valid credentials, allowing them to move laterally in under an hour, sometimes in minutes, without triggering traditional alerts. With billions of compromised credentials in circulation, gaining initial access is often trivial. Because these attacks resemble normal user behaviour, detection requires behavioural analysis rather than reliance on signature-based or perimeter controls.

Attackers are no longer breaching networks, they’re exploiting identities, with a significant portion of attacks leveraging compromised credentials and phishing. This shift makes identity and access management the most critical control layer in modern security strategies. Strengthening identity governance, enforcing least privilege, and continuously monitoring access behaviour are now non-negotiable.

Modern environments include hybrid identity systems, SaaS platforms, federated access, and third-party integrations, all increasing the number of potential entry points. Combined with human factors like phishing and password reuse, this creates a low-effort path for attackers. Reducing this exposure requires tighter identity governance, visibility across all identity types, and stricter control over third-party and privileged access.

Regulations like GDPR and NIS2 have pushed organisations forward, but real progress comes from adopting risk-based strategies that quantify business impact. Boards now expect clear metrics such as detection times, incident response performance, and financial risk exposure.
Security leaders are translating technical vulnerabilities into business language, enabling smarter prioritisation and more effective investment decisions.

While MFA remains essential, it is routinely bypassed through techniques such as phishing proxies, token theft, SIM swapping, and MFA fatigue attacks. Long-lived sessions and “trusted device” settings further weaken its effectiveness. Organisations must layer MFA with stronger controls like phishing-resistant authentication, session management, and continuous monitoring of access behaviour.

More mature organisations are focusing on fundamentals: securing identities, endpoints, and data, while investing in continuous monitoring and faster response capabilities. At the same time, they prioritise human risk through structured awareness training and phishing resilience programmes.For smaller institutions, the priority is clear: focus on awareness, seek external expertise, and build incremental security maturity based on real risk.

Once inside, attackers exploit excessive privileges, poor role separation, and unsafe admin practices to escalate access rapidly. Common issues like embedded credentials or over-permissioned accounts can lead to full domain compromise in hours. Enforcing least privilege, limiting admin usage, and continuously validating controls through testing are critical to preventing small breaches from becoming major incidents.