惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
S
Security Affairs
Engineering at Meta
Engineering at Meta
MongoDB | Blog
MongoDB | Blog
Microsoft Security Blog
Microsoft Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
美团技术团队
月光博客
月光博客
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
有赞技术团队
有赞技术团队
博客园 - 叶小钗
Hugging Face - Blog
Hugging Face - Blog
Microsoft Azure Blog
Microsoft Azure Blog
V
V2EX
Vercel News
Vercel News
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
C
Cisco Blogs
T
Tor Project blog
The Hacker News
The Hacker News
雷峰网
雷峰网
MyScale Blog
MyScale Blog
博客园 - 司徒正美
AWS News Blog
AWS News Blog
GbyAI
GbyAI
Y
Y Combinator Blog
D
DataBreaches.Net
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
The GitHub Blog
The GitHub Blog
S
SegmentFault 最新的问题
T
Tenable Blog
L
LangChain Blog
M
MIT News - Artificial intelligence
N
Netflix TechBlog - Medium
The Cloudflare Blog
A
About on SuperTechFans
IT之家
IT之家
F
Fortinet All Blogs
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
NISL@THU
NISL@THU
爱范儿
爱范儿
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
A
Arctic Wolf
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog

Security

Report: Business email compromise attacks surged dangerously in April Scope Systems confirms cyber incident, says no data loss occurred Instructure breach: ShinyHunters says ‘matter has been resolved’ Rapid7 launches Cyber GRC program to connect compliance with live risk data Australian federal budget 2026: The industry perspective Op-Ed: Microsoft May Patch Tuesday reveals 137 vulnerabilities Federal Budget 2026: The state of cyber security spending for the coming year OpenAI offers EU early access to its cyber security model Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group Op-Ed: Why Middle East tensions demand immediate action on OT security Aussie schools breach: Instructure boss “reaches agreement” with ShinyHunters to not release data Institute of Public Accountants members hit by data breach Union demands answers on Qantas AI plans 1 in 3 small businesses don't think they're a cyber target, new research finds Exclusive: Aussie toy distributor listed by M3rx ransomware Exclusive: Australian Computer Society investigating possible breach after ShinyHunters hack claims The industry speaks – part 2: World Password Day 2026 Aussie schools breach: The Instructure hack “transcends an isolated IT incident” Exclusive: Aussie car part importer Strategic Imports allegedly breached by threat actors New South Wales, other states, investigating Instructure/Canvas data breach Australian Cyber Security Centre warns of ClickFix campaign leveraging Australian infrastructure Queensland Department of Education confirms students & staff impacted by ShinyHunters data breach ACMA takes action against SpinTel & Yomojo over mobile number fraud violations The Industry Speaks, Part 1: World Password Day 2026 Qualys and Converge tie cyber insurance pricing to real-time security posture Fakeout: Iranian APT caught hiding behind Chaos ransomware activity Exclusive: Australian energy management firm allegedly breached by SafePay Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Hacked: ALS discloses cyber incident, unauthorised access to IT systems Microsoft the main target of AI phishing attacks, report uncovers Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July Exclusive: Major Australian jewellery brand confirms cyber incident Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Exclusive: Prime Properties listed as breach victim by M3rx ransomware DigiCert launches AI Trust architecture to secure agents, models, and content Winners of the 2026 Australian Cyber Awards unveiled Op-Ed: Redefining performance in the AI-powered SOC NZ council cyber attack leads to ID and financial data being exposed Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Anthropic Mythos: The model, the myth and the mundane​ Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Sri Lankan government hack sees $3.7m destined for Australia stolen CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing NZ racehorse auction stalled by cyber attack Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities ADF joins international military exercise focused on cyber resilience and multi-domain operations OpenAI CEO’s home targeted in attempted drive-by just days after Molotov attack Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims Booking.com confirms cyber incident, customer reservation data potentially compromised Report: Majority of CISOs not ready for the next big cyber attack Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings Cyber war: Pro-Iranian hackers vow to fight on despite a fragile ceasefire with the US Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware Game on! Nationwide student competition aims to tackle Australia’s cyber skills gap Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation Ransomware group claims hack of legal giant Jones Day Anthropic, partners announce Project Glasswing cyber security initiative Exclusive: Aussie tech firm Seeing Machines confirms potential cyber security incident
The industry speaks: World Identity Management Day 2026
David Hollingworth · 2026-04-13 · via Security

Managing and securing identities across the enterprise is more important than ever – here’s some vital advice from industry insiders.

Paul Davis
Area vice president sales – APAC at ClickHouse

The identity security market has matured significantly over the past year, with Palo Alto Networks completing its $25 billion acquisition of CyberArk, and CrowdStrike picking up SGNL for $740 million, which signals that the industry now treats identity as a standalone discipline rather than a feature within a broader security stack. The landscape driving that shift is clear: machine identities vastly outnumber human ones, credential-based attacks have overtaken traditional malware as the preferred method of entry, and AI-generated identity fraud is already playing out at scale, as we saw recently, where fabricated documents were allegedly used to secure roughly a billion dollars in fraudulent loans.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

The emergence of agentic identity security adds another dimension to all of this. AI agents are now accessing systems, making decisions, and acting on behalf of organisations, and the identity conversation has expanded from how we authenticate users to how we ensure an agent gets precisely the access it needs and nothing more, while continuously verifying it stays within those boundaries.

Doing that well requires real-time correlation of identity events across your SSO provider, cloud IAM, application logs, and privileged access tools at a speed and scale that most traditional SIEM platforms weren’t designed to handle. Protecting identities in 2026 means protecting every identity: human, machine … and agent.


John Cannava
CIO at Ping Identity

From an IT leadership perspective, Identity Management Day takes on new urgency this year as both individuals and organisations are managing human identities while also governing AI as it takes on increasingly agentic roles. The impact AI will have on identity will likely be far greater than we anticipate, which means our approach to security has to evolve in lockstep.

In this new reality, the login is no longer the primary security boundary – access must be continuously evaluated and enforced. In agentic systems, risk doesn’t end at sign-in; it evolves dynamically at runtime as users and systems interact. Identity can no longer be verified once and trusted indefinitely. It must be continuously evaluated at every high-impact action.

That’s why approaches like zero trust and decentralised identity are becoming critical to reducing risk while still enabling the business to move quickly. As AI-driven attacks increasingly target centralised data and try to imitate legitimate users, organisations need to move away from single points of failure and verify every access request in real time, no matter who or what is behind it. This requires rethinking identity across both workforce and customer environments.

As the way we work continues to change, the focus has to be on securing the workforce, maintaining customer trust, and delivering digital experiences that are both seamless and secure. The future of identity will depend on how well we adapt to this more dynamic, continuous model of trust.

Art Gilliland
CEO of Delinea

Identity doesn’t stop at people. Non-human identities, particularly AI agents, are quickly becoming one of the biggest sources of enterprise risk. Despite 83 per cent of Australian organisations claiming they’re ready for AI-driven automation at scale, 40 per cent admit their identity governance for AI systems falls short. The problem is relatively simple but often overlooked: teams are still treating AI agents as tools, when they actually behave like privileged users. This creates the “AI security paradox” where organisations are scaling their AI initiatives faster than they control which identities get access to what. Dangerous blind spots can form as a result, hiding unchecked privilege, quiet access paths, and little accountability for actions. The pressure to move fast on AI is real, but so is the need to lock down identities. As AI agents continue to multiply across enterprise environments, identity can’t be viewed as just another part of security; it must be treated as the overarching control plane.

Anthony Daniel
Managing director, Australia, New Zealand, and the Pacific Islands, at WatchGuard Technologies

Most cyber criminals don’t hack into systems anymore; they simply log in.

Attackers are increasingly exploiting identity to gain access, using stolen credentials, encrypted channels, and legitimate tools to blend into trusted environments. Once inside, they move laterally across systems without raising alarms, rendering traditional defences ineffective. As highlighted in WatchGuard’s Internet Security Report, there has been a 1,548 per cent surge in new, unique malware alongside a rise in threats designed to evade detection. With 96 per cent of malware now delivered over encrypted channels, visibility is shrinking while attacker capability continues to grow.

This Identity Management Day, organisations need to shift the conversation from access management to identity risk management. That means continuously assessing behaviour, context, and intent, and connecting identity with endpoint and network signals to detect compromise earlier. In an environment where attackers can appear indistinguishable from legitimate users, identity is no longer just part of the attack chain; it is where it begins and where it must be controlled.


Sean Deuby
Principal technologist at Semperis

The sixth Identity Management Day highlights the evolving nature of identity.

The meteoric rise of AI in general and its impact on non-human identities (NHIs) has focused attention on identity security as never before. But in the long view, it simply highlights the same issues we have seen in identity management since it was called “identity management”. And discovery has always been a part of it.

Enabling the business has always been the priority for IT. Managing the identity pieces you have created for the business has not, because it does not directly benefit the business.

Do you need this group created, populated, and added to an application? Sure. Do you need this service account immediately? Right away. Let’s give it some extra privileges because we know we will not have to troubleshoot permission problems in the future.

But ask yourself: how often have you seen “Please remove this account because we’re not using it anymore”? Rarely. Unless you’re a regulated business, identity governance and administration (IGA) is usually an afterthought. This has been the reality of IT as long as there’s been IT.

I lump this into the identity security category I call “eat your vegetables”: you know it’s good for you, but you don’t do it enough. Even after 26 years of general availability, identity governance is far from a given in Active Directory environments, especially smaller ones.

Since identity systems such as Active Directory have very long lifespans, these daily decisions accumulate over years or decades of production. Organisations find they have thousands or tens of thousands of under-regulated NHIs (we call them service accounts on premises). This is one of many reasons identity systems are a favourite target of threat actors; they know very well these NHIs are overprivileged, underprotected, and neglected.

Take these same factors, surround them with the tinder of cloud services’ ease of use, pour the gasoline of AI onto it, and give developers the match. That’s the dumpster fire we’re looking at today, with NHIs outpacing human identities at what seems like a geometric progression. We’re right to be concerned.

How does “finding identity” fit into this? We can’t just wring our hands about the situation; we need to take steps immediately. We must put controls in place as soon as possible. And we must discover what’s already out there, using any tools we have, so we know the scope. You don’t know the size of your dumpster fire until you’ve looked.


Nam Lam
Group vice president, Australia and New Zealand, at SailPoint

World Identity Management Day is a moment to ask an honest question: Is the way we think about identity keeping pace with the world we are actually operating in?

For most organisations, the answer is no. Identity security has traditionally been treated as a static discipline. You grant access, you review it periodically, and you hope nothing changes too dramatically in between. But the enterprise of 2026 is anything but static. Workforces shift constantly, and applications multiply into the thousands. AI agents are proliferating across business units at a pace that outstrips any governance program built for the human era.

The result is a growing gap between what organisations think they have under control and what is actually happening across their identity landscape. In Australia and New Zealand, that gap carries real regulatory, financial, and reputational consequences.

Part of the problem is how we still define risk. In the past, privileged access belonged to a select few. Today, a payroll bot approving salary runs or a junior analyst with API access to sensitive data can each trigger significant impact. Risk no longer lives in job titles. It lives in context, and that is precisely what static governance was never designed to read.

What this day should prompt is a shift in mindset to embrace an adaptive identity security model. Static controls tell you who had access last year. Adaptive identity security tells you whether the access being requested right now, in this context, by this identity, at this hour, makes sense and acts accordingly. It is also the layer that makes zero trust work in practice. Many Australian organisations have embraced zero trust in principle but struggle to operationalise it, because architecture alone cannot enforce least privilege dynamically. Adaptive identity security provides that enforcement.

SailPoint’s own research makes the urgency clear. Eighty-two per cent of enterprises are already using AI agents, yet fewer than half have governance policies to manage them. Seventy-five per cent of machine identities have no designated owner. Each one represents an access pathway that nobody is watching.

The tools to address this exist today. Real-time risk scoring, just-in-time access, continuous authorisation, and unified visibility across human and non-human identities are well within reach, and the organisations investing in them are moving faster, complying more confidently, and recovering more quickly when threats materialise.

Identity security is not a control function. It is the foundation on which a secure, resilient, and agile enterprise is built. World Identity Management Day is a prompt to treat it that way.


Brett Chase
Director, Sales Engineering, APJ at Cohesity

Identity is at the core of today’s cyber threat landscape. Nine out of ten cyberattacks now start with identity through compromised credentials or misused identities. In Australia, the rise of materially significant cyber incidents makes it clear that weak or inconsistent identity management practices remain a major but preventable root cause.

Historically, identity management has been viewed through a narrow, human-centric lens, focused on employee access controls, enforcing role‑based permissions, and ensuring workers have the right level of access to applications and data. But that view is now outdated.

The reality is that this no longer reflects today’s digital environments. When identity controls are weak, attackers exploit the gaps using social engineering, credential theft, and technical exploits. Techniques such as phishing, password spraying, MFA fatigue, or credential-stealing malware allow attackers to gain an initial foothold. Once inside, they impersonate legitimate users, escalate privileges, and move laterally across networks, often undetected, to gain access to critical systems and data.

The rapid adoption of generative AI, automation, and emerging agentic systems has also increased the prevalence of non-human identities such as scripts, workloads, and AI agents that can access and act on data at speed. Without proper governance and controls, these non-human identities can become an unmonitored pathway for attackers.


James Ross
Regional Vice President – ANZ, at Saviynt

Identity management was built for people, but today, the busiest users in your network aren’t human. We are seeing an explosion of non-human identities—from simple automation scripts to autonomous AI agents, all interacting with sensitive data at a velocity no human could match.

The friction lies in how these entities behave. They don’t take breaks, they make independent decisions, and they usually ship with broad permissions by design. Yet, most teams are still trying to shove these machine behaviours into security frameworks designed for a 9-to-5 workforce.

Identity can't just be a compliance checkbox anymore; it has to be the principal system for governance and enforcement point. Organisations that recognise this shift will be able to deploy AI safely. Those that don’t are essentially handing the keys to a fleet of autonomous actors they can’t see, let alone stop.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.