Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Privileged access and cyber resilience: what IAM teams must change


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: Ransomware victims on double-extortion leak sites rose to over 7,960 in 2025, while education faced 4,352 attacks per organisation weekly and 46% of compromised systems with corporate logins were unmanaged devices, according to Check Point, Verizon, and the source article. Resilience now depends on continuous privileged access control, not project-based security.

NHIMG editorial — based on content published by Fudo Security: Why consistent application of security principles is the only path to true cyber resilience in 2026

By the numbers:

Questions worth separating out

Q: What breaks when privileged access is not centrally controlled in a cyber resilience programme?

A: When privileged access is not centrally controlled, resilience fails at the exact point where recovery and containment depend on it.

Q: Why do dormant privileged accounts increase cyber resilience risk?

A: Dormant privileged accounts increase risk because they preserve valid access after the original need has ended.

Q: How can organisations tell whether their PAM programme is actually working?

A: A PAM programme is working when privileged access can be quickly explained, challenged, revoked, and evidenced across employees, contractors, and suppliers.

Practitioner guidance

  • Map privileged access to operational criticality Inventory which identities can affect production, backup, identity, and supplier-facing systems, then rank them by blast radius rather than by job title alone.
  • Eliminate dormant privileged accounts Run recurring offboarding and recertification checks for admin, contractor, and service accounts, and remove accounts that no longer have an explicit owner or business purpose.
  • Shorten secret exposure windows Rotate exposed API keys, tokens, and credentials quickly, and pair rotation with repository scanning, endpoint hygiene, and emergency revocation procedures.

What's in the full article

Fudo Security's full article covers the operational detail this post intentionally leaves for the source:

  • The article expands on ransomware trends by sector, including education, government, and telecommunications.
  • It breaks down the control failures behind unmanaged credentials, dormant accounts, and exposed secrets.
  • It connects NIS2 and DORA to operational resilience, board accountability, and supplier oversight.
  • It closes with product positioning and deployment context for Fudo Enterprise 6.0 and ShareAccess.

👉 Read Fudo Security's analysis of cyber resilience, PAM, and privileged access control →

Privileged access and cyber resilience: what IAM teams must change?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Continuous resilience is a privileged access problem before it is a ransomware problem. The article correctly ties resilience to standing control, but the deeper issue is that privileged access becomes the choke point for recovery, containment, and accountability. When access is fragmented across admin tools, suppliers, and ad hoc exceptions, the organisation loses the ability to answer who can act on critical systems at any moment. That makes resilience a governance discipline, not a security project.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to the same research.

A question worth separating out:

Q: Who is accountable when cyber resilience controls fail under NIS2 and DORA?

A: Accountability sits with the organisation’s leadership and the teams responsible for operational risk, access governance, and incident response. NIS2 and DORA both push security beyond technical ownership into board-level responsibility, supplier oversight, and demonstrable control effectiveness. If the organisation cannot prove who owns privileged access decisions, it cannot credibly claim resilience.

👉 Read our full editorial: Cyber resilience in 2026 depends on controlling privileged access



   
ReplyQuote
Share: