TL;DR: Hybrid identity systems across Greek enterprises still face critical gaps, with identity compromise frequently enabling network takeover, disruption, and data theft, according to Semperis. The takeaway is that continuous monitoring and recovery planning now sit at the center of resilience, not the edge.
NHIMG editorial — based on content published by Semperis: Semperis and ADAPTIT to work jointly to help organisations close hybrid identity infrastructure gaps
By the numbers:
- In 90% of ransomware attacks, threat actors compromise an organization's identity system, usually Active Directory, frequently resulting in data theft and massive business disruptions.
- Semperis says its technology protects over 100 million identities from cyberattacks, data breaches, and operational errors.
Questions worth separating out
Q: How should security teams reduce the impact of a hybrid identity compromise?
A: They should focus on limiting blast radius, not just preventing initial access.
Q: Why do hybrid identity systems create such large enterprise risk?
A: Because they often control both authentication and authorization across users, workloads, and admin workflows.
Q: What should organisations look for in continuous identity monitoring?
A: They should look for abnormal privileged changes, federation anomalies, and account activity that does not match normal administrative behavior.
Practitioner guidance
- Map directory trust dependencies end to end: Inventory which business services, admin workflows, and non-human accounts depend on Active Directory and Entra ID.
- Correlate identity telemetry across on-prem and cloud: Combine directory change logs, authentication events, and privileged activity monitoring so abuse cannot hide between environments.
- Test identity recovery as a live operating procedure: Run recovery exercises that restore directory services, privileged accounts, and trust relationships in the order the business actually needs.
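The correlation step in the second item, together with the monitoring signals named in the Q&A above (privileged changes, federation anomalies), can be sketched as follows. This is an added example, not code from Semperis or ADAPTIT. The record layout is flattened and constructed, the watchlists are a hypothetical starting point, and it assumes the Entra ID UPN prefix matches the on-prem account name.

```python
from datetime import datetime, timedelta

# Hypothetical watchlists; tune per environment.
AD_PRIV_EVENT_IDS = {4728, 4732, 4756}  # member added to a security-enabled group
ENTRA_PRIV_ACTIVITIES = {"Add member to role", "Set federation settings on domain",
                         "Set domain authentication"}

def normalize(ad_events, entra_audits):
    """Merge both sources into one time-ordered list of (time, source, actor, action)."""
    rows = []
    for e in ad_events:
        if e["EventID"] in AD_PRIV_EVENT_IDS:
            rows.append((datetime.fromisoformat(e["TimeCreated"]), "ad",
                         e["SubjectUserName"].lower(), f"event {e['EventID']}"))
    for a in entra_audits:
        if a["activityDisplayName"] in ENTRA_PRIV_ACTIVITIES:
            # Assumption: the UPN prefix equals the on-prem sAMAccountName.
            actor = a["initiatedBy"].split("@")[0].lower()
            rows.append((datetime.fromisoformat(a["activityDateTime"]), "entra",
                         actor, a["activityDisplayName"]))
    return sorted(rows)

def cross_environment_alerts(rows, window=timedelta(minutes=30)):
    """Flag actors making privileged changes in BOTH environments inside `window`."""
    alerts = []
    for i, (t1, src1, actor1, act1) in enumerate(rows):
        for t2, src2, actor2, act2 in rows[i + 1:]:
            if t2 - t1 > window:
                break  # rows are sorted, so later rows are even further away
            if actor1 == actor2 and src1 != src2:
                alerts.append({"actor": actor1, "first": (src1, act1),
                               "second": (src2, act2), "gap": t2 - t1})
    return alerts

# Constructed sample records (simplified, flattened fields; not real logs).
AD_EVENTS = [
    {"EventID": 4728, "TimeCreated": "2024-05-01T09:00:00", "SubjectUserName": "svc-sync"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T09:01:00", "SubjectUserName": "svc-sync"},
    {"EventID": 4756, "TimeCreated": "2024-05-01T13:00:00", "SubjectUserName": "alice.admin"},
]
ENTRA_AUDITS = [
    {"activityDisplayName": "Set federation settings on domain",
     "activityDateTime": "2024-05-01T09:12:00", "initiatedBy": "svc-sync@example.com"},
    {"activityDisplayName": "Add member to role",
     "activityDateTime": "2024-05-01T18:00:00", "initiatedBy": "alice.admin@example.com"},
]

if __name__ == "__main__":
    for alert in cross_environment_alerts(normalize(AD_EVENTS, ENTRA_AUDITS)):
        print(alert)
```

Neither source alone would flag the constructed `svc-sync` sequence as unusual; the signal comes from the same actor changing a privileged group on-prem and federation settings in the cloud within one window.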
What's in the full analysis
Semperis' full article covers the operational detail this post intentionally leaves for the source:
- How Semperis and ADAPTIT describe the hybrid identity gaps they see in Greek enterprises
- The specific operational resilience themes behind continuous monitoring and rapid recovery in Active Directory and Entra ID environments
- The partner context for organizations in telco, financial services, transportation, utilities, and retail
- The company statements that frame why identity compromise can lead to full network takeover and business disruption
Hybrid identity gaps: what this means for IAM resilience teams?
Explore further
Hybrid identity resilience is now a control-plane issue, not an IAM subtopic. When Active Directory and Entra ID sit at the center of access, recovery, and trust, compromise of that layer can cascade across users, workloads, and operations. That is why identity protection has to be evaluated as part of business continuity, not only security tooling. The practitioner takeaway is to treat identity as a resilience dependency.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 20% of organisations have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when identity compromise causes operational disruption?
A: Accountability typically sits with the teams responsible for identity governance, infrastructure resilience, and incident response, because the failure spans all three disciplines. In hybrid estates, restoring endpoints is not enough if the identity layer is still compromised. Governance must define who owns trust restoration and recovery validation.