TL;DR: Financially motivated cybercrime now dominates the threat landscape, with cybercriminals sharing playbooks and ransomware tactics ranging from encryption to triple extortion, according to Arkose Labs. The practical lesson is that collaboration, MFA, and third-party risk controls must now be treated as core governance capabilities, not optional hardening.
NHIMG editorial — based on content published by Arkose Labs: an Arkose Accelerate conversation with Rachel Wilson on cybercrime syndicates, ransomware, and collaboration
By the numbers:
- The fact that 70% of malicious cyber activity is now financially motivated is a wake-up call for all of us.
Questions worth separating out
Q: How should security teams reduce ransomware risk through identity controls?
A: Security teams should focus on the identities that can open the most paths, not just the ones that log in most often.
Q: Why do third-party connections make cybercrime harder to contain?
A: Third-party connections extend trust beyond the organisation’s direct control, which gives attackers more routes to reuse stolen credentials or approved access.
Q: What do teams get wrong about MFA in ransomware defence?
A: Teams often treat MFA as a complete answer when it is only one layer of protection.
Practitioner guidance
- Harden third-party access lifecycles: Inventory all external vendor, contractor, and service access paths, then tie each one to a named owner, expiry date, and revocation trigger.
- Reduce blast radius on privileged accounts: Segment admin roles, remove standing access where possible, and require just enough privilege for the task at hand.
- Treat MFA as a floor, not a finish line: Deploy stronger authentication for high-risk access, but pair it with device trust, conditional access, and monitoring for anomalous session behaviour.
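The first two guidance items can be checked mechanically against an access inventory. The sketch below is an added example, not code from Arkose Labs or NHIMG. The record fields, the 365-day review window, and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class AccessPath:
    # Field names are assumptions for this example, not a real IAM schema.
    name: str
    party: str                         # vendor, contractor or service
    owner: Optional[str]               # named internal owner
    expires: Optional[date]            # expiry date of the grant
    revocation_trigger: Optional[str]  # event that forces removal
    privileged: bool = False
    standing: bool = False             # always-on rather than just-in-time

def audit(paths, today, max_days=365):
    """Return {path name: [findings]} for paths that break the guidance."""
    findings = {}
    for p in paths:
        issues = []
        if not (p.owner or "").strip():
            issues.append("no named owner")
        if p.expires is None:
            issues.append("no expiry date")
        elif p.expires < today:
            issues.append("expired, still active")
        elif (p.expires - today).days > max_days:  # assumed review window
            issues.append("expiry beyond review window")
        if not (p.revocation_trigger or "").strip():
            issues.append("no revocation trigger")
        if p.privileged and p.standing:
            issues.append("standing privileged access")
        if issues:
            findings[p.name] = issues
    return findings

# Constructed sample inventory (all names are made up).
SAMPLE = [
    AccessPath("vpn-acme-support", "Acme MSP", "j.doe", date(2025, 9, 30), "contract end", True),
    AccessPath("oauth-crm-sync", "ExampleCRM", None, None, None),
    AccessPath("sftp-payroll", "PayCo", "finance-ops", date(2024, 12, 31), "contract end"),
    AccessPath("admin-contractor", "Contractor X", "it-lead", date(2030, 1, 1), "offboarding ticket", True, True),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE, date(2025, 6, 1)).items():
        print(f"{name}: {', '.join(issues)}")
```

A grant that is past its expiry date but still present in the inventory is the case that matters most here, since it means the revocation trigger never fired.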
What's in the full article
Arkose Labs' full discussion covers the conversational detail this post intentionally leaves at the strategic level:
- Rachel Wilson’s career context from the NSA to Morgan Stanley and how that shaped her view of the threat landscape
- The specific discussion points from Arkose Accelerate on cybercrime syndicates, playbook sharing, and the moral pressure behind ransomware
- Practical commentary on collaboration, MFA, and third-party risk that the source conversation expands in more detail
- The on-demand session framing that places the interview in the broader Arkose Labs event context
Cybercrime syndicates and ransomware: what IAM teams should notice?
Explore further
Cybercrime syndicates have turned identity compromise into a repeatable business model. When attackers share tactics and sell services, identity exposure is no longer an isolated event but part of an industrialised pipeline. That changes how defenders should think about access governance, because a stolen credential is now immediately reusable by a broader market of operators. Practitioners should treat identity abuse as a scaled threat economy, not a one-off intrusion.
A few things that frame the scale:
- From our research: Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who is accountable when a supplier account is used in an attack?
A: Accountability should sit with the business owner that approved the access, the identity team that governs the account, and the vendor management process that failed to revoke it. If the supplier path was never reviewed or offboarded, the governance failure is internal even when the attacker is external.