RSA CEO: Passwordless, AI Threats & Identity Security in 2026

by priyanka.patel tech editor

The future of cybersecurity isn’t just about faster processors or more complex algorithms; it’s about definitively knowing who is accessing what. As threats become increasingly sophisticated, fueled by artificial intelligence and readily available deepfake technology, organizations are realizing that traditional security measures are no longer enough. Protecting data now hinges on robust identity verification and management, a shift that RSA CEO Greg Nelson believes will separate the leaders from the laggards in the coming months. The focus on identity and access management is no longer a back-office concern, but a core business imperative.

Nelson, speaking at the RSAC Conference 2026, emphasized that resilience is now inextricably linked to identity security. Organizations are operating in increasingly complex “deploy-anywhere” environments, spanning cloud infrastructure and on-premise systems. This distributed landscape, while offering flexibility, dramatically expands the attack surface. The challenge isn’t simply preventing breaches, but rapidly detecting and responding to compromised identities, particularly as attackers leverage social engineering and increasingly convincing deepfakes to bypass traditional security protocols.

The Rise of Identity-Based Attacks and the Deepfake Threat

Identity-based attacks, including credential stuffing and phishing, consistently rank among the most prevalent and damaging cyber threats. According to Verizon’s 2026 Data Breach Investigations Report (DBIR), identity compromise was a factor in 82% of breaches investigated. However, Nelson warns that the sophistication of these attacks is escalating. Deepfakes – synthetic media convincingly mimicking real people – are now being used to target help desks and internal support teams, enabling attackers to gain access to sensitive systems and data. These attacks exploit the human element, bypassing technical defenses by convincingly impersonating authorized users.

Greg Nelson, CEO, RSA

“The companies that win over the next three quarters will be the ones that get identity right, stay ahead of those threat vectors and embrace some of the topics we talked about here today,” Nelson stated. This includes investing in technologies and strategies that move beyond traditional passwords and multi-factor authentication (MFA) towards more robust and adaptive identity verification methods.

Passwordless Authentication and the Hybrid Environment Challenge

The industry is increasingly focused on passwordless authentication as a key component of a stronger identity security posture. Methods like biometrics, FIDO2 security keys, and certificate-based authentication offer a more secure and user-friendly alternative to passwords. However, Nelson acknowledges that widespread adoption faces challenges, particularly in hybrid environments where organizations rely on a mix of legacy systems and modern cloud applications. Integrating passwordless solutions across this diverse landscape requires careful planning and execution.

The transition to passwordless isn’t simply a technical upgrade; it requires a fundamental shift in how organizations think about identity. Traditional MFA, while an improvement over passwords, can still be vulnerable to phishing and other attacks. Passwordless solutions aim to eliminate the reliance on shared secrets altogether, making it significantly harder for attackers to compromise accounts. However, ensuring interoperability and maintaining a seamless user experience across all applications and devices remains a significant hurdle.

Managing AI Risk and Shadow IT

The increasing use of artificial intelligence (AI) presents both opportunities and challenges for cybersecurity. While AI can be used to enhance threat detection and automate security tasks, it can also be exploited by attackers to create more sophisticated and targeted attacks. Nelson highlighted the importance of managing AI risk, establishing clear governance policies, and addressing the growing threat of shadow IT – the use of unauthorized hardware or software within an organization.

“Organizations need to understand how AI is being used within their environment, both by their security teams and by their employees,” Nelson explained. “Without proper governance, shadow IT can create blind spots and introduce new vulnerabilities.” This requires a proactive approach to identifying and managing AI-related risks, including data privacy concerns and the potential for algorithmic bias.

The Role of Continuous Authentication

Beyond passwordless authentication, experts are increasingly advocating for continuous authentication – a method of verifying a user’s identity throughout a session, rather than just at the point of login. This involves analyzing a variety of behavioral and contextual factors, such as typing speed, mouse movements, and location, to detect anomalies that may indicate a compromised account. Continuous authentication adds an extra layer of security without disrupting the user experience.
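The in-session checks described above, as an added Python example that is not from the article or from RSA: each observation window is compared with an enrolled baseline for typing and mouse behavior, and with the previous window for location. The baseline, session data, weights and thresholds are constructed assumptions.

```python
import math
from statistics import mean, stdev
# Constructed enrollment baseline for one user (not real telemetry).
BASELINE = {
    "key_interval_ms": [182, 175, 190, 168, 185, 179, 188, 172],
    "mouse_speed_px_s": [410, 395, 430, 405, 420, 388, 415, 400],
}
Z_LIMIT = 3.0    # assumed: more than 3 standard deviations from baseline is anomalous
MAX_KMH = 900.0  # assumed: implied travel faster than an airliner is a location jump

def km_between(a, b):  # haversine great-circle distance between (lat, lon) points
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def score_window(window, previous=None):
    """Score one in-session observation window; return (risk, reasons)."""
    risk, reasons = 0.0, []
    for field, samples in BASELINE.items():
        z = abs(window[field] - mean(samples)) / stdev(samples)
        if z > Z_LIMIT:
            risk += 0.4  # assumed weight per behavioral anomaly
            reasons.append(field)
    if previous is not None:
        hours = (window["t"] - previous["t"]) / 3600
        if hours > 0 and km_between(previous["loc"], window["loc"]) / hours > MAX_KMH:
            risk += 0.5  # assumed weight for a mid-session location jump
            reasons.append("impossible_travel")
    return min(risk, 1.0), reasons

def monitor(session):
    """Walk a session window by window; return the (action, reasons) taken at each step."""
    actions, previous = [], None
    for window in session:
        risk, reasons = score_window(window, previous)
        action = "terminate" if risk >= 0.8 else "step_up" if risk >= 0.4 else "continue"
        actions.append((action, reasons))
        if action == "terminate":
            break  # session is closed; later windows are never evaluated
        previous = window
    return actions

# Constructed session: normal use, then a different typing rhythm, then a location jump.
SESSION = [
    {"t": 0, "key_interval_ms": 180, "mouse_speed_px_s": 408, "loc": (40.71, -74.01)},
    {"t": 300, "key_interval_ms": 95, "mouse_speed_px_s": 412, "loc": (40.71, -74.01)},
    {"t": 600, "key_interval_ms": 92, "mouse_speed_px_s": 405, "loc": (51.51, -0.13)},
]
```

Here `step_up` stands for re-prompting the user with a strong factor, and `terminate` for revoking the session outright.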

Nelson, who brings over 25 years of experience in SaaS, software, and technology leadership, previously served as chief commercial officer at Omnitracs, overseeing mission-critical identity and access management solutions. His insights reflect a growing consensus within the cybersecurity community: that identity is the new perimeter.

Looking ahead, organizations must prioritize investments in identity security technologies and strategies. The threat landscape will only continue to evolve, and those who fail to adapt will be increasingly vulnerable to attack. The next key development to watch will be the implementation of new federal guidelines on digital identity verification, expected to be finalized by the National Institute of Standards and Technology (NIST) in late 2026. These guidelines are expected to provide a framework for secure and interoperable digital identity systems, further accelerating the adoption of more robust identity verification methods.
