Fady Younes, Cisco’s Managing Director for Cybersecurity across Middle East, Africa, Türkiye, Romania and CIS, warns that stolen credentials, AI-powered impersonation and hybrid work have made identity the number-one attack vector. In an exclusive interview with Arabian Reseller, he explains why most organisations still lack the visibility, AI-driven analytics and unified approach needed to stop attackers who simply “log in” and blend in.
How have identity-based attacks evolved in recent years, and why are they so difficult to detect?
Identity attacks have shifted dramatically – attackers no longer need to break in, they simply log in using stolen credentials or tokens. The rise of hybrid work, unmanaged devices, and AI-powered tools has made it easier for attackers to mimic legitimate users, blending into normal activity. Once inside, they can move laterally and escalate privileges, often without triggering alarms.
This makes detection extremely challenging, especially when organizations lack unified visibility across their identity systems. The key is to move beyond traditional authentication and invest in continuous monitoring, behavioral analytics, and AI-driven threat detection to spot subtle anomalies before they escalate.
What are the most effective measures organizations can take to prevent identity compromise?
Strengthening identity protection begins with making identity the foundation of the security program. Organizations need clear visibility into all users, devices, and access patterns supported by analytics that highlight unusual behavior. Many are still behind in maturity. Cisco’s recent AI Readiness Index highlights that only 31% in the UAE have integrated AI into their identity and security systems, which means blind spots remain.
We have introduced our Identity Intelligence, which runs on top of existing identity stores and uses behavioral analytics to uncover risky accounts, unused privileges, and anomalies. Combined with a more unified security stack and defined guidance around AI tool usage, organizations gain a much stronger ability to defend against identity compromise.
How can technologies like AI, behavioral analytics, or Zero Trust strengthen identity protection?
AI, behavioral analytics, and Zero Trust each serve a different role in strengthening identity security. AI cuts through noise at a scale humans simply can’t match, and we are already seeing that with platforms like Cisco XDR and our AI Assistant for Security, which correlate signals from across the environment to surface identity-related risks in seconds. Behavioral analytics adds the context you need to understand when something feels “off” in a user’s activity. And Zero Trust enforces the discipline of verifying every identity and device instead of relying on perimeter assumptions. When these layers work together, organizations can spot problems earlier and respond with far more confidence.
What role do human factors and security awareness play in mitigating identity threats?
It plays a huge role because most compromises still start with something small – a rushed click, an unfamiliar AI tool, or an employee using an unmanaged device without realizing the risk. You can have the best technology in the world, but if people don’t recognize how identity attacks actually unfold, then gaps will always appear.
Cisco’s Cybersecurity Readiness Index shows that only 62% of respondents are confident their employees fully understand AI-related cyber risks. Building practical awareness is key. Not long training sessions, but simple guidance that helps employees spot unusual requests, understand how attackers use AI and know when to take a second and double-check. When people become part of the detection layer, identity threats become much easier to contain.
How should organizations balance convenience with robust authentication and access controls?
Striking the balance starts with removing friction, it doesn’t have to be added. When security slows people down, they will likely try and find a workaround, so the goal is to make protection feel invisible. Adaptive authentication is a good example, stepping up only when the risk is high instead of forcing heavy checks on every login.
Consolidating identity systems also helps because users should not have to navigate multiple logins or security prompts just to get their work done. And with AI, you can assess context in the background and adjust access dynamically. In the end, it’s a smoother experience for users while still maintaining tight control where it matters most.
What common mistakes do companies make when implementing identity protection strategies?
A common mistake is assuming identity protection is complete after deploying a few controls. The reality changes every day, especially with hybrid work and unmanaged devices creating new patterns that old policies don’t account for. Then there’s the issue of complexity. Many organizations are running ten or more disconnected security tools, which leaves gaps and makes it hard to see how an identity is being used across the environment. Shadow AI is also becoming a real blind spot. When employees use AI tools that IT can’t see or govern, which is 54% of organizations we surveyed, visibility over where identities and data are being used is lost – and that lack of oversight gives attackers room to operate.
Looking ahead, what trends will most influence the future of identity-based attack prevention?
Identity protection is going to be shaped by two big shifts. First, the speed and scale of AI. Last year 93% of organizations in the UAE reported facing AI-related security incidents, and as attackers use AI to automate reconnaissance and impersonation, we will need stronger identity intelligence to keep up.
The second trend is visibility. Hybrid work and unmanaged devices are already creating gaps, 88% of organizations say these setups increase risk. We will also see more demand for simpler, unified security architectures because 81% of organizations say their current complexity slows response. The future of identity defense is about speed, context and consolidation.
