Identity: The most prevalent theme at RSAC 2025 – Go Health Pro

COMMENTARY: SAN FRANCISCO – For more than 30 years, the RSA Conference has been a driving force behind the world’s cybersecurity community, bringing together thousands of professionals, practitioners, and vendors to discuss cybersecurity.

At RSA Conference 2025, we have seen one topic dominate the conference agenda and conversations on the show floor: identity security.

Verizon released its annual Data Breach Investigations Report (DBIR) just days before the show, which found – based on an analysis of more than 22,000 security incidents, including 12,195 confirmed data breaches – that credential abuse remains a leading initial attack vector.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Notable sessions highlighted the mission-critical need for stronger security measures. During the session “Countering China’s ‘Typhoon’ Threats Targeting U.S. Critical Infrastructure,” the FBI’s Deputy Assistant Director of Cyber Operations Brett Leatherman joined representatives from Palo Alto Networks’ Unit 42, Microsoft, and Silverado Policy Accelerator to discuss how public-private collaboration helps detect, disrupt, and defend against evolving threats.

While targeted, collaborative efforts are one important component of stopping global cybercrime, identity security stands at the core of many cyber attacks and data breaches. Stolen credentials let the Salt Typhoon members persist in networks for years. Salt Typhoon’s campaign reminds us of how central identity security is to cyber resilience.

The 2025 DBIR further revealed that ransomware attacks rose by 37% year-over-year, and are now present in 44% of breaches. Identity security has become a weak point in defending against ransomware attacks.
During the session “Identity: The Last Bastion Security Control in a SaaS World,” IANS Research Faculty member Aaron Turner told attendees how identity is critical to risk management and security control strategies. Turner explored how malicious cyber actors target the identity stack to steal data, compromise systems and deploy ransomware attacks.

At our booth, we spoke with technology practitioners and decision-makers about their cybersecurity concerns, and identity security topped the list. AI has exacerbated existing concerns and is leading to new issues: it has lowered the barrier to entry for novice malicious actors and increased the level of sophistication of veteran cybercriminals. Bad actors weaponize AI to speed up and scale common attack techniques, such as password cracking. The emergence of AI-driven cyber attacks makes fundamental cybersecurity practices essential.

The sessions and conversations from the RSA Conference 2025 highlight the need for strong identity security measures. In practice, this means strong password policies, enterprise password management and multi-factor authentication. Organizations should eliminate weak and reused credentials by enforcing robust password policies requiring unique, complex passwords that are at least 16 characters long and stored in an enterprise password manager. Regular audits of privileged accounts and the elimination of unused credentials can significantly reduce the risk of exposure.

As threat actors use harvested credentials to escalate privileges and disable defenses, stopping credential theft isn’t enough – organizations must also ensure that attackers can’t escalate privileges or move laterally once inside.
To achieve this, enterprises and mid-market organizations alike must take a layered approach to security that includes zero trust, least-privilege access and privileged access management (PAM).

PAM can help restrict lateral movement by securing and limiting access to critical systems, making it significantly harder for attackers to persist and minimizing the impact of a breach. By securing critical accounts and restricting lateral movement, organizations can greatly hinder adversaries’ ability to maintain long-term control. Proactive endpoint security, continuous employee training on phishing and social engineering threats, as well as robust data encryption and backup strategies are also essential to mitigating ransomware risks and other cyber threats.

Security leaders must act decisively to reduce their attack surface, invest in zero-trust architectures and deploy robust endpoint and identity security controls to mitigate cyber risks before they escalate into business-disrupting incidents.

As San Francisco gears up for the final day at the RSA Conference, let’s all remember the importance of the foundational cybersecurity practices proven to keep modern systems secure.

Darren Guccione, co-founder and CEO, Keeper Security

Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
