Maryanne Baines has spent her career at the intersection of cloud infrastructure and enterprise security, guiding some of the largest organizations through the maze of modern tech stacks. As a recognized authority in cloud technology, she specializes in dissecting how global corporations can shield their digital assets against an increasingly hostile landscape. In this discussion, she explores the dangerous evolution of cybercriminal syndicates, the psychological tactics behind identity theft, and why the IT channel must pivot toward managed identity services to keep pace with sophisticated threats. The conversation covers the recent wave of high-profile breaches, the technical mechanics of social engineering, and the strategic implementation of Risk-Based Authentication to secure the modern corporate perimeter.
Major organizations have recently faced massive data leaks after sophisticated cybercriminal syndicates merged their operations; how has this shift changed the threat landscape for global brands?
The landscape shifted dramatically once prolific cybercriminal syndicates like Scattered Spider and ShinyHunters decided to merge their operations, creating a powerhouse of illicit expertise. This consolidation has led to a relentless wave of attacks on even the most well-resourced brands, including Visa, Marks & Spencer, Jaguar, and Harrods, proving that traditional defenses are often insufficient. The sheer scale of their success is staggering—look at the March 2026 breach of the European Commission, which resulted in a massive 350GB data leak in just a four-month window. It is a chilling reminder that these groups are now targeting the very heart of international governance and commerce with unprecedented efficiency. For security teams, the emotional toll of defending against such a unified front is heavy, as these attackers operate with a level of coordination that was rarely seen just a few years ago.
When we look at the anatomy of these identity attacks, how are criminals using social engineering to bypass modern security controls like multi-factor authentication?
These attackers have mastered the art of “vishing” and phishing to exploit the human element, which remains the most vulnerable part of any network. A typical scenario involves a criminal masquerading as internal IT support, calling an employee’s personal or work phone with a sense of urgency that triggers a “fight or flight” response. They might claim there is a need to reset credentials, subsequently sending a modified account reset link designed specifically to bypass non-phish-resistant MFA. Once they hijack those credentials, they can replay the MFA token to access SaaS resources and begin the cold, calculated process of exfiltrating corporate data for extortion. By scouring social media, they link employee names to job titles and personal interests, making their deceptive pitches feel incredibly personal and legitimate to an unsuspecting worker.
In an environment where identity is now the primary attack vector, what specific technical capabilities should a modern IAM solution provide to ensure a “single source of truth”?
A robust Identity Access Management solution must go beyond simple password storage and provide deep integration across the entire corporate environment, including aging legacy systems. The most critical element is the correlation of login data, which allows the system to identify potential anomalies that would otherwise go unnoticed in a complex network. For example, by tracking “Impossible Travel” scenarios or sudden IP address changes, security teams can flag a login attempt that technically uses the right password but originates from a suspicious location. Automated analysis is the first line of defense, but it must be followed by clear reporting that provides stakeholders with actionable intelligence. When these systems work together, they create a transparent map of the network, ensuring that no identity—human or service-based—can move through the shadows without being accounted for.
How can organizations implement strategies like Risk-Based Authentication to stop these breaches without creating a frustrating experience for their legitimate employees?
The beauty of Risk-Based Authentication, or RBA, is that it works silently in the background until it detects something truly out of the ordinary. By implementing User and Entity Behavior Analytics, or UEBA, the system creates a baseline profile of a user’s typical daily activity, only triggering a biometric check or MFA prompt if those patterns are broken. Integrating FIDO2 passkeys, whether through software or hardware tokens, is a total game-changer, as it has been shown to eliminate 90% of the common flags generated by simple password guessing. This creates a more frictionless experience for the staff while simultaneously hardening the perimeter against sophisticated replay attacks. It turns security from a series of annoying hurdles into a smart, adaptive layer that understands the difference between a late-night project and a malicious intrusion.
For IT partners and managed service providers, what are the essential steps to building a resilient identity-led security offering for their clients?
Managed service providers must first perform rigorous “housekeeping” in their own environments to prevent supply chain compromises, which are a top concern as we move through 2026. Once their own house is in order, they should focus on standardizing their solution stack around core platforms, such as Microsoft Entra ID, to ensure consistency and reliability. A successful service must include a comprehensive onboarding blueprint that minimizes business outages, as the transition to a new identity service can be nerve-wracking for a client. Furthermore, the service must be powered by machine learning and AI for continuous risk analysis and workflow orchestration. By moving away from just selling tools and toward delivering a resilient identity strategy, partners can help their customers navigate this evolving threat landscape with confidence.
What is your forecast for identity-led risk?
I believe we are entering an era where identity will no longer be viewed as an administrative task, but as the absolute frontline of corporate warfare. As attackers continue to refine their social engineering tactics and target identity stores directly, organizations will be forced to move toward a completely passwordless environment driven by hardware-backed authentication. We will see a massive shift where every single non-human service identity is monitored with the same scrutiny as a high-level executive, as these “ghost” identities are becoming a favorite backdoor for syndicates. Ultimately, the winners in this landscape will be the companies that treat identity as a living, breathing ecosystem that requires constant vigilance, rather than a “set it and forget it” security checkbox.
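The "Impossible Travel" and IP-change correlation mentioned in the answers above, tied to a risk-based step-up decision, is sketched below as an added example; it is not part of the interview or any vendor's code. The thresholds, decision names, IP addresses and login records are constructed assumptions, and IP geolocation is assumed to be resolved already.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50.0    # assumed tolerance for IP-geolocation jitter

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    ip: str
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def assess(events):
    """Compare each login with the user's last trusted login; return (login, decision, reasons)."""
    baseline, results = {}, []
    for ev in sorted(events, key=lambda e: e.when):
        prev = baseline.get(ev.user)
        reasons = [] if prev is not None else ["no_baseline"]
        if prev is not None:
            hours = (ev.when - prev.when).total_seconds() / 3600
            dist = km_between(prev, ev)
            if dist > MIN_KM and (hours <= 0 or dist / hours > MAX_KMH):
                reasons.append("impossible_travel")
            if ev.ip != prev.ip:
                reasons.append("ip_change")
        if "impossible_travel" in reasons:
            decision = "block_and_alert"
        else:
            decision = "step_up_mfa" if reasons else "allow"
            baseline[ev.user] = ev  # a blocked login never becomes the baseline
        results.append((ev, decision, reasons))
    return results

# Constructed sample: correct password every time, but one login is from Singapore
LON, SIN = (51.5074, -0.1278), (1.3521, 103.8198)
SAMPLE = [
    Login("alice", datetime(2026, 3, 2, 9, 0), "198.51.100.10", *LON),
    Login("alice", datetime(2026, 3, 2, 9, 20), "198.51.100.10", *LON),
    Login("alice", datetime(2026, 3, 2, 10, 0), "203.0.113.77", *SIN),
    Login("alice", datetime(2026, 3, 2, 13, 0), "198.51.100.44", *LON),
]
```

Because the blocked Singapore login is never stored as the baseline, the user's later login from London is compared against her last trusted session and only triggers an MFA prompt for the changed IP.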
