Why identity-first security is the first defense against sophisticated AI-powered social engineering
Enterprise security is facing a significant challenge in the form of identity compromise through social engineering. Rather than relying on sophisticated technical exploits, attackers increasingly trick individuals into giving them access to sensitive information. Matt Caulfield, VP of product, identity at Cisco, explains that this age-old tactic has evolved into a high-tech threat where attackers can use AI to scale their attacks and target a larger number of individuals.
Despite the prevalence of identity-related breaches, there seems to be a disconnect between awareness and action within organizations. A recent report by Cisco Duo revealed that 51% of organizations have experienced financial losses due to identity breaches, yet 74% of IT leaders admit that identity security is often an afterthought in their infrastructure planning.
Caulfield acknowledges that solving the identity security problem is complex, as it involves a combination of social, psychological, and technical elements. However, he emphasizes that strong identity and access management (IAM) is no longer a choice but a necessity for ensuring overall security within enterprises, especially as AI agents become integrated into organizations.
Addressing these challenges requires a new approach to security. Trust can no longer be based solely on network or device access; instead, strong cryptographic identity authentication must be the foundation of security processes. Traditional forms of authentication, such as second-factor and multi-factor authentication, are no longer sufficient in the face of sophisticated attacks. Phishing-resistant authentication is becoming the new standard, requiring users to be physically present to access their accounts.
Despite the importance of phishing-resistant MFA, adoption has been slow due to complexity and cost concerns. While 87% of leaders recognize the critical nature of this approach, only 19% have deployed FIDO2 tokens, a standard method for achieving phishing-resistant MFA. However, Caulfield believes that implementing integrated tools and consolidating identity vendors can simplify operations and reduce costs in the long run.
Overall, security should not be seen as a hindrance but as an enabler for businesses. By investing in identity security, organizations can not only protect themselves from threats but also improve efficiency and productivity. Phishing-resistant authentication is seen as the key to achieving an identity-first approach to security that benefits both employees and customers.
To learn more about how Cisco Duo and Identity Intelligence are addressing identity security challenges, you can download Cisco Duo’s report, “The 2025 State of Identity Security: Challenges and Strategies from IT and Security Leaders.”
This article is sponsored by Cisco and was produced in partnership with VentureBeat.



