TL;DR: Identity-based attacks using stolen credentials have risen by 71% and now drive some of the most damaging cloud breaches, according to IBM and the Snowflake-linked incidents discussed by Axiad. The lesson is structural: MFA alone is not enough when phishing, credential reuse, and third-party access remain viable entry points.
NHIMG editorial — based on content published by Axiad: Identity Gaps: The Need to Use Both x.509 & FIDO
By the numbers:
- Identity-based cyberattacks have become the top global cybercrime attack vector, with a 71% rise in attacks using valid login credentials.
Questions worth separating out
Q: How should security teams reduce phishing risk in cloud identity environments?
A: Security teams should prioritise phishing-resistant authentication for the access paths that can reach sensitive cloud services, privileged consoles, and third-party integrations.
Q: Why do valid credentials remain such a major enterprise risk?
A: Valid credentials work because they bypass many traditional perimeter controls and often inherit legitimate access.
Q: How can organisations tell whether their MFA programme is actually strong enough?
A: Look for coverage gaps, exception paths, and methods that can be reset, replayed, or coerced through user interaction.
Practitioner guidance
- Map authentication exceptions across cloud access paths: Inventory where MFA is missing, bypassable, or inconsistently enforced across employees, contractors, demo accounts, and admin workflows.
- Deploy phishing-resistant authentication for high-risk roles: Use x.509 certificates or FIDO passkeys where users access privileged or sensitive systems, and reserve weaker methods only where the application or device landscape still forces them.
- Separate demo and non-production access from production trust: Treat demo accounts and shared testing environments as distinct identity domains with their own controls, review cadence, and revocation rules.
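One way to turn the three guidance points above into a repeatable check is to audit an identity inventory export. This is an added example, not code from Axiad or NHIMG; the record fields, method labels, finding codes and sample inventory are all assumptions constructed for illustration.

```python
# Added example: field names, method labels and SAMPLE_INVENTORY are constructed.
PHISHING_RESISTANT = {"fido2", "x509"}        # methods the guidance prefers
WEAK_FACTORS = {"sms_otp", "totp", "push"}    # can be phished, replayed or coerced


def audit_identity(identity):
    """Return the list of finding codes for one inventory record."""
    findings = []
    methods = set(identity["methods"])
    # Guidance 1: MFA missing, or enrolled but not actually enforced.
    if not identity["mfa_enforced"] or methods <= {"password"}:
        findings.append("MFA_MISSING")
    # Guidance 2: privileged roles need a phishing-resistant method.
    if identity["privileged"]:
        if not methods & PHISHING_RESISTANT:
            findings.append("PRIVILEGED_NOT_PHISHING_RESISTANT")
        elif methods & WEAK_FACTORS:
            # A strong method exists, but a weaker one still works as a fallback.
            findings.append("WEAK_FALLBACK_ENROLLED")
    # Guidance 3: demo identities must not carry production trust.
    if identity["kind"] == "demo" and "production" in identity["environments"]:
        findings.append("DEMO_HAS_PRODUCTION_ACCESS")
    return findings


def audit_inventory(inventory):
    """Map identity name -> findings, omitting identities with no findings."""
    report = {}
    for identity in inventory:
        findings = audit_identity(identity)
        if findings:
            report[identity["name"]] = findings
    return report


SAMPLE_INVENTORY = [  # constructed records, not real accounts
    {"name": "alice-admin", "kind": "admin", "privileged": True, "mfa_enforced": True,
     "methods": ["password", "totp"], "environments": ["production"]},
    {"name": "bob-admin", "kind": "admin", "privileged": True, "mfa_enforced": True,
     "methods": ["fido2", "sms_otp"], "environments": ["production"]},
    {"name": "carol", "kind": "employee", "privileged": False, "mfa_enforced": True,
     "methods": ["x509"], "environments": ["production"]},
    {"name": "demo-sales", "kind": "demo", "privileged": False, "mfa_enforced": False,
     "methods": ["password"], "environments": ["demo", "production"]},
    {"name": "vendor-dan", "kind": "contractor", "privileged": False, "mfa_enforced": False,
     "methods": ["password", "totp"], "environments": ["production"]},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

The `WEAK_FALLBACK_ENROLLED` finding covers the case where a passkey or certificate is deployed but a weaker factor can still be used in its place.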
What's in the full article
Axiad's full blog post covers the operational detail this post intentionally leaves for the source:
- How x.509 certificate authentication fits into Windows, macOS, Salesforce, and Office 365 access flows
- Why FIDO passkey coverage remains incomplete across devices and web destinations
- How certificate-based authentication maps to existing IAM and PKI-supported workflows
- Which authentication gaps remain after standard MFA is already deployed
Explore further
Phishing-resistant authentication is now an identity architecture problem, not a login preference. The article shows that stolen credentials still unlock material cloud access when MFA is uneven or bypassable. That means the control question is not whether organisations have authentication, but whether their authentication design can survive phishing, social engineering, and exception sprawl. Practitioners should treat authentication method selection as a core identity risk decision.
A few things that frame the scale:
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
- The average organisation believes more than 1 in 5 of its non-human identities are insufficiently secured, which means identity assurance gaps are already part of normal operating conditions.
A question worth separating out:
Q: What is the difference between FIDO passkeys and x.509 certificates in enterprise access?
A: FIDO passkeys remove passwords and rely on device-bound, biometric-backed authentication, while x.509 certificates use PKI-backed trust tied to hardware or managed endpoints. Both reduce phishing exposure, but they fit different parts of the estate. Many organisations need both because application support, device coverage, and workflow fit are not identical across the enterprise.