
Identity & Access Management • MAY 18, 2026
Identity is the New Perimeter: How Indian Enterprises Are Losing the Access Battle
For decades, the foundation of Indian enterprise cybersecurity was the perimeter. We built higher walls, deployed next-generation firewalls, and segmented physical networks. But as the Indian corporate sector aggressively embraced cloud-first architectures and hybrid work models over the last few years, that physical perimeter evaporated. Today, your perimeter is no longer a corporate firewall; it is the identity of your users and the service accounts running your infrastructure.
And right now, attackers are exploiting that shift with devastating efficiency.
According to global 2026 incident response data, identity weaknesses are now playing a material role in nearly 90% of all major enterprise breaches. In India specifically, we are seeing a massive spike in initial access being achieved not through sophisticated zero-day exploits, but through simple authentication subversion.
Threat actors are no longer bothering to break in. They are just logging in.
Beyond the Password: The Rise of Token Theft
The conversation around identity security often stops at Multi-Factor Authentication (MFA). While enforcing MFA across the board is a non-negotiable baseline, it is no longer a silver bullet. Advanced persistent threats (APTs) and sophisticated cybercriminal gangs operating in the region have adapted.
Instead of trying to brute-force a password or intercept an SMS code, attackers are utilizing Adversary-in-the-Middle (AitM) phishing frameworks. These AI-enhanced, highly convincing phishing pages proxy the login session in real-time. The user logs in, completes the MFA prompt, and the attacker silently steals the resulting session token.
Once that session cookie is hijacked, the attacker can bypass the login screen entirely. They inject the token into their own browser and inherit the user’s authenticated session, completely subverting the MFA defenses.

The Silent Threat of Non-Human Identities
Even more concerning than compromised employee accounts is the abuse of non-human identities (NHIs)—the API keys, OAuth grants, and service accounts that allow different SaaS applications to talk to one another.
Indian enterprises, particularly in the tech and BFSI sectors, have massive, fragmented identity estates. A single application might have dozens of over-privileged service accounts attached to it. Attackers actively hunt for these hardcoded credentials in GitHub repositories or Slack channels. Once acquired, these machine identities provide persistent, highly privileged access that rarely triggers standard behavioral alerts because they are supposed to be making automated backend calls.
Securing the New Perimeter
To stop losing the access battle, Indian IT and security leaders must pivot to an identity-centric defense model:
Move to Phishing-Resistant MFA: Transition away from SMS or simple push notifications toward FIDO2 hardware keys or biometric authentication, which cannot be subverted by AitM token theft.
Continuous Verification: Zero Trust cannot just happen at the login screen. Implement conditional access policies that continuously evaluate the user’s device posture, location, and behavior throughout the entire session, not just at the moment of authentication.
Audit Non-Human Access: Treat API keys and OAuth tokens with the same severity as domain admin credentials. Rotate them frequently, enforce the principle of least privilege, and actively monitor them for anomalous geographic or volumetric usage.
If your identity infrastructure is compromised, your network is compromised. It’s time to start defending the perimeter that actually matters.