Identity too often gets managed in silos as a function of compliance and efficiency, particularly in people-dense industries like retail, logistics, or public sector services. What attackers understand—and defenders under-resource—is that it’s also one of the easiest vectors to exploit. And with the digitalization of the frontline workforce, it’ll only get easier.
Make identity a security priority
The operational cost of rolling out strong identity controls like MFA to even a portion of the company’s users can feel significant. But that cost pales in comparison to the financial, reputational, and operational damage caused by a successful ransomware attack.
Restoring functionality after an attack is not just about rebuilding or even reimaging systems. It’s about untangling complex interdependencies and re-evaluating long-standing architectural decisions. It’s about rebuilding trust that the person on the other end of that Zoom call or email thread is who they say they are. Ultimately, it can take months and sadly, the true costs are enormous.
In times of peace, it’s incredibly hard to justify a change that could disrupt day-to-day efficiency, even if it improves overall security. But in the wake of an attack, priorities change and old barriers fall away. Here’s where transformation becomes possible—not just for those in the middle of it, but also for the onlookers.
With three major UK retailers hit in quick succession, and the same underlying gaps exploited, it’s no longer a question of if this could happen elsewhere, but when. We’ve seen this pattern before: MGM, Uber, and others.
The vector doesn’t change because it still works. A compromised identity worked then, and it continues to work now. Retailers around the world now have their chance to think bigger, act upstream, and use these attacks to change identity from being an operations function to a vital security control.
For those now in the trenches of a breach, know that this will pass. It’s difficult to recover, but possible—and there’s a community of practitioners ready to support victims of attacks.
For everyone else, don’t wait for a personal wake-up call. These attacks are an opportunity to shift mindsets, both within and around the industry. Identity is not just about keeping auditors happy or shelves stocked. It’s about stopping real threats, protecting real people, and ensuring operational resilience. Treat identity as a core part of the organization’s security strategy, not an efficiency play, and take control against identity-first attackers.
Rob Ainscough, chief identity security advisor, Silverfort; former head of IAM, Tesco
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.