A recent report highlighted by IT Pro, referencing findings from Palo Alto Networks, reinforces a persistent theme within cybersecurity: the majority of breaches are not the result of sophisticated zero-day exploits, but of preventable security gaps and weaknesses in identity controls.

The research indicates that poor identity governance, misconfigurations, and basic security hygiene failures remain primary enablers of compromise. Weak authentication practices, excessive user privileges, unpatched systems, and insufficient monitoring continue to provide attackers with straightforward paths into organisational environments. In many cases, the initial intrusion could have been prevented through stronger identity management and more consistent control enforcement.

Identity has increasingly become the central attack surface. As organisations adopt cloud platforms, remote working models, and third-party integrations, identity credentials often provide the fastest route to sensitive systems. Where privileged access is not tightly managed, or multi-factor authentication is inconsistently implemented, risk exposure increases significantly.

These findings align closely with regulatory expectations. Frameworks such as PCI DSS v4.0.1 place greater emphasis on multi-factor authentication, access control governance, and continuous monitoring. Similarly, standards such as ISO/IEC 27001 and NIST CSF 2.0 reinforce the need for structured identity and access management practices. Preventable control failures are no longer viewed as operational oversights — they are indicators of governance weakness.

For organisations operating in regulated sectors, the implications extend beyond technical remediation. Breaches linked to basic control failures can lead to reputational damage, regulatory scrutiny, and increased due diligence from customers and partners.

The message is clear: while advanced threat actors continue to evolve, many successful attacks still exploit fundamental weaknesses. Strengthening identity controls, enforcing least privilege, maintaining configuration hygiene, and conducting regular validation testing remain among the most effective measures organisations can take to reduce risk.

Source: IT Pro – Vast Majority of Breaches Enabled by Preventable Gaps and Identity Weaknesses, Says Palo Alto Networks
https://www.itpro.com/security/cyber-attacks/vast-majority-breaches-enabled-preventable-gaps-identity-weaknesses-palo-alto-networks