Notifications
Clear all
Topic starter
27/06/2026 1:18 pm
TL;DR: Cybersecurity attacks are increasing and the panel argues that no control will catch every adversary pivot, so architecture, third-party risk management, and continuous employee awareness all matter together, according to Abnormal AI. The security gap is not a single missing tool but a programme design problem that assumes controls will always be sufficient.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams handle third-party access as part of identity governance?
A: Security teams should treat third-party access as a governed identity lifecycle, not a static vendor record.
Q: Why do layered security controls still fail against modern attackers?
A: Layered controls fail when they are designed for a stable attack path and the attacker can pivot around them.
Practitioner guidance
- Map adversary pivot paths across identity controls Trace how an attacker could move from email, vendor access, or a user prompt into privileged systems without being blocked by the next control in sequence.
- Review third-party connections as access lifecycles Inventory SaaS integrations, vendor accounts, and delegated permissions with named owners, expiration rules, and revocation procedures.
- Tie employee training to real access events Use phishing, approval, and unusual login scenarios that mirror the requests users actually see in daily work.
What to expect at the briefing
Abnormal AI's full briefing covers the operational detail this post intentionally leaves for the source:
- The panel discussion on current attack patterns affecting large organisations and the operational lessons drawn from them.
- Mike Britton and Jason Nodel's practical discussion of third-party threat exposure and defensive gaps.
- The speaker commentary on how employee training fits into a broader cyber defence model.
- The webinar framing around staying prepared against attackers that continuously pivot around controls.
👉 Watch Abnormal AI's briefing on today's cyber threat landscape and third-party risk →
Cyber threat landscape pressure is exposing control gaps for teams?
Explore further
27/06/2026 2:35 pm
Security architecture fails first where programmes assume a single control can absorb adversary adaptation. The panel's central point is that attackers do not respect control boundaries, so architectures built around one protective layer eventually depend on luck. That is not a tooling failure alone. It is a governance assumption failure about how much variability a control stack can absorb before it breaks. Practitioners should treat adaptive adversary behaviour as a design constraint, not an edge case.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, according to The State of Non-Human Identity Security.
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging at 37% and over-privileged accounts at 37%.
A question worth separating out:
Q: What should organisations do when controls are not catching every attack?
A: Organisations should move from control counting to control resilience. That means identifying where attackers can pivot, where trust is delegated, and where access decisions rely on human judgement. A programme is mature when it can explain which exposures remain acceptable and which ones require redesign or tighter governance.
👉 Read our full editorial: Cyber threat landscape pressure is exposing security architecture gaps
