Human and Identity Threats

About this shelf

Most modern attacks land through people and credentials, not through unpatched servers. Phishing remains the dominant initial access vector across every industry; Business Email Compromise costs more in absolute dollars than ransomware in most years; stolen credentials from infostealer logs feed a continuous stream of account takeovers. The defensive answer is not a single control but a layered combination of identity-aware authentication, privileged access management, user education, and detection of identity-based attack patterns that evade traditional endpoint and network controls.

Articles in this shelf cover both sides of the equation. The threats: phishing fundamentals and the evolving tradecraft (smishing, vishing, MFA fatigue, adversary-in-the-middle proxies that bypass legacy MFA), Business Email Compromise as a distinct category of fraud, broader social engineering patterns including pretexting and physical-vector attacks, and insider threats both malicious and negligent. The controls: Identity and Access Management (IAM) as the core foundation, Privileged Access Management (PAM) for high-impact accounts, identity threat detection and response, and the move toward phishing-resistant authentication (FIDO2, passkeys) as a meaningful step beyond SMS-based and TOTP MFA.

The articles are written with the recognition that people-based controls have limits. Awareness training does not solve phishing; well-funded social engineering will get through any human; insider threats are inherent in trusting anyone. The defensive posture that works combines technical controls that reduce the consequence of a successful social engineering attack with detection patterns that catch the post-compromise activity quickly. That perspective shapes how every article in this shelf is written.