蹤獲弝け

Artificial intelligence Cybersecurity SaaS

The Billion-Dollar Security Threat: All Industries On Guard

Cybersecurity illustration with shield, books, laptop. [Dom Guzman]

By

The costs are piling up from a three-year running cybersecurity threat that shows no signs of abating as it spreads to more industries.

The likely culprit: a hacking collective known as Scattered Spider. The playbook: get into a companys internal systems via hacked employee credentials, cause havoc, demand ransom.

Just recently, was in an attack by the group. The company hasnt been able to make cars for a month as a result. Before that, that annual executive bonuses would be cut by 15% after Scattered Spider targeted them in a July cyber attack.

Jason Martin is a co-founder and co-CEO of Permiso Security
Jason Martin

sued its help desk provider, , for $380 million in damages, Cognizant improperly reset passwords for hackers posing as employees. A few weeks earlier, supplier estimated it lost up to when hackers disrupted systems. Three years ago, casinos were hit.

This is real money, and a real threat that most companies are not well prepared to guard against. Today, hackers dont just bust into corporate systems, they log in like thieves walking in through open household doors. Almost nine of 10 (88%) of breaches via basic web applications involve use of stolen credentials, indicates s 2025 .

In the case of Scattered Spider, culprits do such things as ask for password resets, change phone numbers tied to multifactor authentication solutions, or add phone numbers to reset passwords, and more.

The rise of AI and AI agents make securing identities even more critical. As AI agents spread, theyre a new class of non-human identities that vastly increase the attack surface. As with most cybersecurity threats, Scattered Spider changes tactics all the time and we are seeing indications of AI use supporting and augmenting their social engineering tactics.

Putting up speed bumps

When modeling approaches to increase resilience against their attacks its best to think of the worst case, which is: assume breach. Then evaluate how quickly you could detect attacks matching their approach and what your teams would do. While keeping them out is an admirable goal, it is very difficult since they exploit the processes youve set up to support your own enterprise users or contractors. The most realistic goal is to set up speed bumps to slow hackers down so theyre stopped before doing much damage.

Steps to bolster defenses include:

Teamwork. Most companies have security teams. A lot of companies now have identity teams. Identity refers to employees or AI agents with access to company assets via passwords and other credentials.

Given the rise of identity-based cybersecurity threats, its imperative that these teams fuse or work more closely together to find shared solutions. Company assets are now also highly fragmented, with some in the cloud, some on-premise and some via software-as-a-service providers like . Theres also shadow IT and shadow AI, like ChatGPT, that employees use that security or identity people may not know theyre using. Every organization needs to be clear on who owns what from a security and identity perspective so that guidelines, policies and solutions are more airtight.

Awareness. How exposed are you? How much identity sprawl do you have? Identity sprawl occurs over time, just like data sprawl. New hires get digital identities and access to company data. In almost all cases when it comes to the cloud, policies are too lenient, research finds, which means employees have access to things they dont really need which can add security risk. Theres also risk when people leave a company, voluntarily or not, if digital identities dont get quickly or properly shut down.

With Scattered Spider, were seeing criminals access things that real employees havent opened in more than a year. Identity management is not one and done. Identities have a life cycle and need to be managed through the whole thing.

Observability. How well can you see whats going on inside your company? An attack via a network sets off bells and whistles. But when an employee logs in whos not an actual employee, theres no bell or whistle. Instead, you want to detect threats via signals of suspicious and malicious activity.

Basic Training/Testing. Nearly 70% of organizations recently surveyed believe their employees . This needs to change because employees, while one of your biggest cybersecurity risks, will also be one of your best lines of defense. Of course, training must extend to third-party vendors.

In its lawsuit, Clorox alleges that a hacker got a multifactor authentication reset by simply telling the help desk worker that the MFA wasnt working and that he or she was on my old phone. Beyond training, test vendor performance so that youre not blindsided if theyre not doing what theyre supposed to be doing.

Like good insurance

No doubt, companies will eventually take the right steps to curb Scattered Spider-like attacks. The bad news is that cybercriminals will adjust to launch new tactics. Companies that make cybersecurity defense a priority will be like people who have good insurance. They will never totally prevent risk, but theyll mitigate damage.


is a co-founder and co-CEO of , a leader in identity security, providing advanced solutions to help organizations detect and respond to threats targeting human and nonhuman identities across cloud environments. His extensive background includes leadership roles at , where he contributed to product strategy and engineering. Martin is also an active investor and adviser, supporting various startups in the security domain, and has authored multiple publications that contribute to the understanding of security analytics and risk assessment.

Related 蹤獲弝け query:

Illustration:

Stay up to date with recent funding rounds, acquisitions, and more with the 蹤獲弝け Daily.

67.1K Followers

CTA

Discover and act on private market opportunities with predictive company intelligence.

Copy link