Identity threat detection and response: is your access model ready?


(@nhi-mgmt-group)

TL;DR: Passwords still anchor most breach paths, with Verizon reporting that 80% of breaches stem from compromised credentials, while IBM says 90% of successful cyberattacks start at endpoints. Imprivata’s acquisition of Verosint signals that access control now needs continuous identity risk detection, not just stronger login gates.

NHIMG editorial — based on content published by Imprivata: As credential-based attacks soar, identity threat detection and response becomes critical to secure access

By the numbers:

Questions worth separating out

Q: What breaks when organisations rely only on authentication to secure access?

A: Authentication alone fails when valid credentials are stolen, replayed, or socially engineered.

Q: Why do compromised credentials remain so effective in modern environments?

A: Compromised credentials remain effective because they produce legitimate-looking access.

Q: How do security teams know whether identity threat detection is working?

A: It is working when suspicious access is detected quickly enough to change the outcome, not just generate alerts.

Practitioner guidance

  • Instrument post-login identity telemetry: Correlate login success with device posture, session behaviour, and privilege use so suspicious access can be flagged after authentication.
  • Reduce reliance on reusable credentials: Move the highest-risk access paths toward phishing-resistant methods and shorten the lifetime of static secrets where passwordless is not yet feasible.
  • Connect IAM and NHI monitoring: Treat service account tokens, API keys, and certificates as identities that also need anomaly detection.

What's in the full analysis

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • Imprivata's framing of how ITDR fits into passwordless access and enterprise access management.
  • The vendor's explanation of how its acquisition of Verosint changes the integration of risk scoring into access workflows.
  • The original source commentary on continuous risk assessment, anomaly detection, and automated mitigation across the access lifecycle.
  • The product and platform context behind the acquisition that this post deliberately excludes.

👉 Read Imprivata's analysis of identity threat detection and response for secure access →
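
The practitioner guidance above (correlate login success with device posture and privilege use, and apply the same anomaly test to service account tokens) can be sketched as follows. This is an added example, not code from the post or from Imprivata; the event schema, field names, baseline structure, and sample values are all constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline and telemetry; every field name and value is illustrative.
BASELINE = {
    "alice": {"devices": {"laptop-17"}, "sources": {"10.0.4.21"}},
    "svc-backup": {"devices": set(), "sources": {"10.0.9.5"}},
}
EVENTS = [
    {"t": 0, "type": "login_ok", "id": "alice", "session": "s1",
     "device": "laptop-17", "managed": True, "src": "10.0.4.21"},
    {"t": 30, "type": "priv_use", "id": "alice", "session": "s1", "action": "read_report"},
    {"t": 0, "type": "login_ok", "id": "alice", "session": "s2",
     "device": "unknown-pc", "managed": False, "src": "198.51.100.7"},
    {"t": 20, "type": "priv_use", "id": "alice", "session": "s2", "action": "grant_role"},
    {"t": 5, "type": "token_use", "id": "svc-backup", "session": "k1", "src": "10.0.9.5"},
    {"t": 9, "type": "token_use", "id": "svc-backup", "session": "k1", "src": "203.0.113.44"},
]

def findings(events, baseline, priv_window=60):
    """Return {session: [reasons]} for sessions whose post-login signals look wrong."""
    out = defaultdict(list)
    login = {}  # session -> login event, kept so later events can be correlated with it
    for e in sorted(events, key=lambda e: (e["session"], e["t"])):
        known = baseline.get(e["id"], {"devices": set(), "sources": set()})
        s = e["session"]
        if e["type"] == "login_ok":
            login[s] = e
            if not e["managed"]:
                out[s].append("unmanaged_device")
            if e["device"] not in known["devices"]:
                out[s].append("new_device")
        elif e["type"] == "priv_use":
            first = login.get(s)
            # Privilege use is flagged only when the login already carried a posture finding.
            if first and out[s] and e["t"] - first["t"] <= priv_window:
                out[s].append("fast_privilege_use:" + e["action"])
        elif e["type"] == "token_use":
            # Non-human identity: the same test, keyed on where the secret is presented from.
            if e["src"] not in known["sources"]:
                out[s].append("nhi_new_source:" + e["src"])
    return {s: r for s, r in out.items() if r}

if __name__ == "__main__":
    for session, reasons in findings(EVENTS, BASELINE).items():
        print(session, reasons)
```

Every sample login succeeds; only the correlation with posture, privilege use, and token source separates session `s2` and token `k1` from the normal session `s1`.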




   
(@mr-nhi)

Identity confidence is now a runtime control, not a login event. Access programmes that stop at authentication assume the credential itself is the control. That assumption breaks once attackers can steal, replay, or socially engineer valid access paths faster than a manual review cycle can react. Identity threat detection and response matters because it turns identity into a monitored security signal rather than a one-time gate. Practitioners should treat live identity confidence as part of the control plane.

A few things that frame the scale:

  • Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
  • 46% confirmed, 26% suspected they had experienced an NHI breach, showing that identity visibility gaps remain a measurable operational problem.

A question worth separating out:

Q: Who is accountable when compromised identities are used to move through the environment?

A: Accountability sits with the identity, access, and monitoring owners jointly, because the failure spans issuance, authentication, and response. Human IAM, NHI governance, and security operations all own a part of the control chain. Frameworks such as the NIST Cybersecurity Framework 2.0 and Zero Trust Architecture both expect identity to be continuously verified and monitored.

👉 Read our full editorial: Identity threat detection and response is becoming central to secure access



   