Why identity is now the frontline of cybersecurity

Cybersecurity is at a clear inflection point. What was once treated as an add-on is now embedded into the very foundation of enterprise strategy. As attackers evolve, becoming faster, quieter, and more sophisticated, organisations are being forced to rethink how they approach defence.

In an interaction with Express Computer, Fabio Fratucello, Field CTO Worldwide at CrowdStrike, shares insights from the latest threat landscape, highlighting how identity, AI, and platformisation are reshaping enterprise security priorities.

The rise of “evasive adversaries”

The threat landscape in 2026 is not just evolving—it is accelerating.

Fabio points to a fundamental shift in attacker behaviour, where sophistication and speed are now defining characteristics. “We publish our annual report, which is called the CrowdStrike Global Threat Report, and this time we call it the year of the evasive adversaries.”

What stands out is not just the increase in attacks, but how attackers are operating. “What we’re seeing is a threat landscape that continues to escalate, with adversaries becoming more sophisticated and also faster.”

A major driver of this shift is artificial intelligence. Attackers are now leveraging AI across the entire attack lifecycle.

“They are using AI capabilities at any point of the attack phase, whether it is reconnaissance, vulnerability research, or exploitation,” says Fratucello. This enables them to process vast amounts of data and identify vulnerabilities at unprecedented speed.

When seconds matter: The race against breakout time

Speed has become one of the most critical factors in modern cyberattacks. “One of the key metrics we track is breakout time, which is the time it takes for an adversary to move laterally after the initial compromise. This metric is shrinking dramatically. The breakout time keeps going down and is now 29 minutes, and the fastest we have recorded was 27 seconds. The implication is significant. By the time someone brings a refreshment into the room, an attacker can already move laterally inside a network,” he explains. 

This speed makes detection and response far more difficult, exposing the limitations of traditional security models that rely on slower, reactive processes.

From break-ins to log-ins: Identity becomes the new battleground.

One of the most important shifts in cybersecurity is the move from exploiting systems to exploiting identities. There has been a significant increase in malware-free attacks. Instead of breaking into systems, attackers are increasingly logging in using compromised credentials.

“When an adversary has access to a compromised identity, they don’t need to break in—they can just log in. This shift introduces new challenges for defenders. You are no longer making noise or raising alerts; you are just logging in, and that is more challenging to detect. As a result, identity has become a critical focus area. The most important domain to have under control from a defence standpoint is identity,” adds Fratucello. 

Organisations are now rethinking identity security, extending beyond traditional controls. They are moving towards identity detection and response, securing how identities are created, provisioned, and used.

The challenge is further compounded by emerging digital identities. “There is going to be an increased focus on securing both human and non-human identities, including those used by AI agents,” avers Fratucello.

Why platformisation is becoming critical
As attacks span endpoints, identities, and cloud environments, siloed security approaches are no longer effective. He points out that modern attacks are not siloed at the domain level. This is driving a shift towards unified, platform-based security models “Organisations are shifting to platform adoption because platforms bring multi-domain visibility together.”

A platform approach enables enterprises to see the full picture. This holistic view is essential for faster and more accurate decision-making.

Platforms also need to handle growing data complexity. Cloud-native, AI-driven platforms are becoming the foundation for this shift.

AI in cybersecurity: Augmentation, not replacement

AI is now central to both attack and defence strategies. Fabio emphasises that AI should not replace human expertise but enhance it. “It is not about removing people but augmenting them, having humans and machines working hand in hand.”

AI brings speed and scale, while humans bring intuition and judgement. “We want to harness human instinct but also the speed and data-processing capabilities of AI,” he says. 

Organisations must also be mindful of how AI is adopted. The recommendation is to start using AI now, while building governance and visibility. “You are already using AI whether you know it or not, so it is better to understand it and control it.”

The expanding attack surface in the AI era

While AI offers opportunities, it also introduces new risks. “We are increasing the attack surface with new cloud workloads, models, agents, and datasets,” points out Fratucello.

This requires new security approaches. There needs to be a new domain of security controls for AI, including protecting against things like prompt injection.

Organisations must focus on two key areas: how employees use AI and how AI systems themselves are secured. “First is securing workforce interaction with AI tools, and second is securing AI itself as a computing environment.”

Bridging the gap between boards and security teams

One of the biggest challenges organisations face is not just technical—it is organisational. There is often a gap between technical teams and boards.

Fabio believes that security leaders must take responsibility for bridging this gap. “Security leaders need to spend time educating boards on the threat landscape and technology. Non-technical stakeholders require context and clarity. Their language is business and risk, not technical, so security leaders must translate that.”

This alignment is critical for driving informed decision-making at the top.

Building resilience in a fast-changing landscape

Looking ahead, Fabio highlights a few key priorities for organisations. AI will certainly be one of the main focus areas.

He also points to emerging areas such as browser security and continuous authorisation as new battlegrounds. The browser is becoming an extension of the endpoint and a new battleground.

Ultimately, resilience will depend on adopting the right foundation. The biggest suggestion is adopting a cloud-native platform with AI capabilities. Such a foundation enables organisations to scale security across domains. “You can start protecting endpoints, identities, and cloud environments as part of a unified approach.” 

Conclusion

Cybersecurity is no longer about defending isolated systems—it is about managing a dynamic, interconnected ecosystem of identities, data, and technologies.

As attackers become faster and more evasive, enterprises must respond with equal agility, leveraging AI, unified platforms, and a stronger focus on identity.

In this new reality, the shift from “break-ins” to “log-ins” is not just a trend; it is a signal that the rules of cybersecurity have fundamentally changed.