Identity Under Attack: Why Securing Access and Rapid Responses Matter More Than Ever - Node4


In today’s digital-first world, identity has become the new security perimeter. The traditional network edge has dissolved as organisations embrace cloud platforms, SaaS applications, and hybrid working models. This shift has created a lucrative target for attackers: identity compromise.

During our recent webinar, Identity Under Attack: Securing Access and Surviving the First 48 Hours (available in our On Demand section), Node4 partnered with cyber incident response specialists S-RM to explore why identity-based attacks are rising and what businesses can do to protect themselves.

Identity: The Modern Attack Surface

As Glenn Akester, Technology & Innovation Director for Cyber Security & Networks at Node4, explained, attackers rarely rely on complex exploits. Instead, they use stolen credentials, social engineering, session hijacking, and phishing to gain access. Once inside, they move laterally, escalate privileges, and target sensitive data. The consequences can be severe – ransomware deployment, data exfiltration, and extortion.

For UK mid-market organisations, the challenge is compounded by limited resources and fragmented security stacks. Many businesses have invested in tools like Microsoft E3 but aren’t leveraging their full capabilities. Consolidation and integration are key to improving visibility and reducing risk.

The First 48 Hours: Why Speed is Critical

Tim Geschwindt, Head of Cyber Incident Response at S-RM, shared real-world insights into what happens after a breach. The first 48 hours are crucial for containment and recovery. S-RM’s experience responding to high-profile incidents, including attacks on major UK retailers, highlights the importance of:

  • Rapid Scoping and Coordination
    Bringing together technical teams, business leaders, and third-party partners immediately.
  • Containment Actions
    Locking down network access, isolating compromised accounts, and preventing further intrusion.
  • Recovery Planning
    Verifying backups, preparing clean environments, and ensuring safe restoration.
  • Negotiation and Threat Intelligence
    Understanding the threat actor’s tactics and delaying data leaks where possible.

Tim also noted a significant trend: social engineering attacks targeting service desks have surged in 2025, while traditional technical exploits are declining. This shift underscores the need for robust identity security and zero-trust principles.

Key Takeaways for Businesses

  • Identity is the gateway to your entire infrastructure
    Protect it with strong authentication, monitoring, and integrated security controls.
  • Prepare for the inevitable
    Incident response planning isn’t optional; it’s essential.
  • Invest in detection and response
    Cyber insurers increasingly focus on resilience and recovery, not just prevention.
  • Leverage expert support
    Node4 offers assessment, consolidation, and 24/7 threat triage, while S-RM provides world-class incident response.

Are You Ready?

Only 30% of UK businesses have user monitoring in place, a shocking statistic given that identity compromise is now one of the most prevalent attack vectors. If a user’s session were hijacked today, could you detect it? Would you know how to respond?

Node4 can help you answer those questions. We’re offering a free Security Doctor assessment to evaluate your current posture and provide actionable insights.