Identity Management Day: don't make it easy for cybercriminals

Concept artwork generated by Bing Image Creator (Dall E 3) to depict identity management.

The second Tuesday in April marks Identity Management Day. The Identity Security Alliance notes on its website that the day was established in 2021 in partnership with the US National Cybersecurity Alliance. The day aims educate business leaders, IT decision makers, and the general public about the importance of identity management. 

Fabio Fratucello, Field CTO World Wide, CrowdStrike emphasised that today’s adversaries do not need to break in. "They’re logging in," he said. "Attackers have shifted from traditional malware-based methods to exploiting identity gaps and using stolen credentials to silently infiltrate environments. Once inside, they operate as legitimate users, bypassing legacy security tools and moving laterally across identity, endpoint, and cloud domains.

"As highlighted in CrowdStrike’s 2025 Global Threat Report, 79% of initial access is now malware-free, and access broker activity has surged by 50% year over year. The reality is that traditional security measures, previously effective against malware-driven attacks of the past, are now inadequate."

Patrick Harding, Chief Product Architect at Ping Identity said that AI now affects identity management. He said: “Identity Management Day takes on a whole new meaning this year as individuals and organisations find themselves not only responsible for managing human identities but also increasingly tasked with overseeing AI, as it assumes agentic roles on behalf of humans. The impact AI will have on identity is far greater than we anticipate. For that reason, it’s important for businesses and individuals to ensure their security practices keep pace with the rapid evolution of technologies like AI."

Savyint also focused on the role of AI in identity management. Ravi Erukulla, VP, Product & Strategy, Savyint, said in a blog post that identity management is about to transform, driven by the evolution of generative AI and agentic AI. "The traditional notion of identity as a singular entity—one person, one thing—is changing dramatically," he explained in the blog post.

"In this AI-driven world, a human may have their own identity alongside multiple AI agents, each possessing its own digital identity. Machines, applications, and AI-driven agents can communicate with each other autonomously, forming agent-to-agent identity interactions. The line between human and machine identities has blurred, reshaping authentication, authorisation, and trust models."

"Identity Management Day is a timely reminder for organisations to reassess their identity security posture and take a proactive, identity-first approach to defence. This includes implementing Zero Trust principles, ensuring identities are continuously monitored, hardening authentication with MFA and passwordless authentication, deploying AI-powered threat detection and intelligence, and eliminating unnecessary access privileges," Fratucello concluded.

"Additionally, organisations need a unified security platform–powered by real-time intelligence–that correlates identity, cloud and endpoint activity to provide comprehensive visibility across domains and eliminate blind spots. With an identity-centric security strategy and unified security platform in place, organisations can focus on stopping the breach.”

"Leaning into approaches like Zero Trust architectures and decentralised identity models is that much more critical in a digital-first world. As AI attacks target centralised repositories of personal data and look to mimic trusted users, it’s imperative to ensure data isn’t gathered in one vulnerable location and every user is verified, regardless of who they are or claim to be," Harding said.

"As the way we work changes, it’s critical we secure our workforce, build customer trust, and deliver the seamless and secure digital experiences individuals deserve.”