The battle against identity-related cyber threats in 2026

Sophos’ latest report highlights the rise of identity-related cyberattacks, emphasising the need for robust identity security measures.

  • Friday, 6th March 2026 Posted 4 months ago in by Sophie Milburn
The recently released 2026 Sophos Active Adversary Report highlights a significant rise in identity-related cyber threats. The analysis indicates that 67% of cyber incidents investigated by Sophos teams last year involved identity compromises. The findings suggest attackers are increasingly relying on stolen credentials and environments without effective multi-factor authentication (MFA).

Key trends identified in the report show a shift from exploitation of vulnerabilities toward the use of compromised credentials. Brute-force activity accounted for 15.6% of initial access attempts, compared with 16% attributed to exploitation. The report also notes that the median dwell time has decreased to three days, reflecting both faster attacker activity and improved detection and response capabilities.

The report states that attackers were able to reach Active Directory (AD) servers within an average of 3.4 hours after gaining initial access to an organisation. It also finds that 88% of ransomware payloads were delivered outside of normal business hours, indicating the importance of continuous monitoring and response capabilities.

Telemetry gaps are identified as an ongoing challenge. Missing logs due to data retention limitations are reported to be increasing, partly because some firewall appliances retain logs only for limited periods. These gaps can impact visibility and incident investigation.

The report emphasises the need for stronger identity security measures, including phishing-resistant MFA and proper configuration of identity infrastructure. It notes that 59% of identified cases involved environments without MFA in place, highlighting a persistent vulnerability that attackers exploit.

The threat landscape continues to expand, with the report recording the highest number of active threat groups since its inception. Ransomware families such as Akira and Qilin are reported to be prominent in specific attacks, underscoring the importance of understanding attacker tactics, techniques, and procedures (TTPs).

Regarding artificial intelligence, the report finds no clear evidence that AI has fundamentally changed attacker behaviour. While AI tools may improve the efficiency of phishing campaigns, core attack methods remain focused on identity compromise, telemetry gaps, and response speed.

Based on these findings, recommended defensive measures include:
  • Implementing and validating robust MFA configurations
  • Limiting exposure of identity infrastructure to external threats
  • Addressing known vulnerabilities promptly
  • Ensuring continuous (24/7) monitoring of security environments
  • Maintaining comprehensive security logs to support detection and incident response

AI's rise in business: opportunities and challenges

Posted 17 hours ago by Katy Hill
As AI adoption grows in importance, businesses face challenges but aim for balanced, trustworthy integration.
Simon Whatley steps up as General Manager at IPCortex, aiming to develop partner relations and enhance communications solutions.
Wasabi Technologies launches a new initiative, Impact Circle, aimed at partners and MSPs to reduce emissions from cloud storage using curated carbon...
Arrow Electronics has received Veeam’s 2026 EMEA Aggregator of the Year award, recognising its role in expanding distribution of Veeam’s data...
The rise of AI presents challenges to cybersecurity, with increasing reliance on manual interventions and extended dwell times despite advanced...

UBDS Group secures investment from LDC

Posted 5 days ago by Sophie Milburn
UBDS Group acquires investment from LDC to drive growth and expand its service offerings.
UK's pragmatic approach to AI automation prioritises pre-built solutions over bespoke development, contrasting with US's costlier custom-centric...
Certification's true value lies beyond speed, focusing on continuous system improvement for genuine resilience.