Art Gilliland, CEO at Delinea, speaks to Capacity about how the threat landscape is shifting, why identity has become the frontline of cyber defence, and why the UK remains a prized target for adversaries.
The rise of identity-driven warfare
Gilliland says nation-state cyberattacks have evolved well beyond crude malware and opportunistic ransomware. “Adversaries are leveraging emerging technologies and automation to enhance their tactics,” he explains. Among the most prevalent are AI-generated phishing, deepfake-enabled fraud and ransomware campaigns that now operate on an industrial scale through Ransomware-as-a-Service models.
These operations are increasingly identity-focused, using compromised credentials and misconfigured multi-factor authentication (MFA) to infiltrate networks. “Attackers are exploiting machine identities, evading traditional defences and scaling their operations,” he says.
While ransomware remains the most visible threat, Gilliland warns that the automation of these tools is amplifying risk across critical infrastructure. “Misconfigured MFA and compromised Active Directory environments continue to be common vulnerabilities,” he notes.
“These attack methods are evolving to become more automated and identity-focused, amplifying the risk to businesses and critical infrastructure, and reinforcing the need for proactive, identity-first security strategies.”
Cyber conflict as statecraft
The escalation of these campaigns reflects the broader militarisation of cyberspace, where digital operations are now routine instruments of state power. “Nation-state actors are focusing on prolonged, stealthy operations that target government agencies, defence networks and critical industries to steal sensitive data, disrupt operations or undermine national security,” Gilliland says.
He points to the low cost of entry as a major factor enabling rogue nations to compete with traditional powers. “Because of the relatively low cost of entry to become a cyber warfare power, rogue nations leverage cyber to fund government activity as well as to play a larger role in geopolitics. Examples of countries that have been effective include North Korea and Iran.”
Despite the surge in awareness, Gilliland is unconvinced that global countermeasures are keeping pace. “Current government defences aren’t good enough,” he warns. “There’s an urgent need for nations to strengthen cyber defences and foster international collaboration to combat cross-border threats.”
Why the UK is in the crosshairs
The UK’s advanced digital economy and strategic influence make it one of the most attractive targets for hostile cyber activity. “The UK is considered a particularly attractive target because of its advanced digital infrastructure, global economic influence and strategic political and military role,” Gilliland says.
Its reliance on interconnected systems and its concentration of sensitive data have created rich pickings for both criminal and state-sponsored attackers. “Geopolitical tensions, particularly with Russia, have further heightened the threat, with adversaries actively exploiting vulnerabilities to disrupt critical infrastructure, gather intelligence and destabilise political environments.”
The sectors most exposed include government, defence, financial services and critical national infrastructure; energy, transport, healthcare and data centres—where even short outages can have systemic effects. Yet, Gilliland adds, small and medium-sized enterprises also face rising risk, often lacking the resources and countermeasures of larger organisations.
Identity: the new battleground
In many of these attacks, identity systems are the point of entry. “Nation-state attackers are increasingly targeting privileged accounts and identity systems as a primary means of fuelling their ransomware campaigns,” says Gilliland. By stealing or misusing legitimate credentials, intruders can move laterally and operate “virtually invisibly” to perimeter defences.
These operations are fuelled by a thriving cybercrime underground, where threat actors trade tools and techniques, combining deepfake-driven social engineering with automated target selection. Yet despite this reality, only a third of organisations have implemented a least-privilege posture to limit access rights.
Gilliland argues that a Zero Trust approach offers the strongest defence. “The most effective defence is to combine least privilege with segregation of duties, Privileged Access Management, MFA and AI-powered analytics,” he says. “This best-practice security approach assumes that no user or machine should be inherently trusted, and all should be continuously authenticated in a risk-based manner.”
Progress or regression?
Over the past 12 months, Gilliland says, the global threat landscape has worsened rather than improved. “Cyberattacks, particularly ransomware, have continued to surge, with more than two-thirds of organisations suffering a breach and over a quarter hit multiple times,” he notes.
In the US alone, incidents rose by a third, with attackers increasingly targeting large enterprises for ‘big-game’ operations while using simpler campaigns against smaller firms. The IT and telecoms sector saw attacks climb by 65%, retail by 57%, and half of healthcare organisations reported being hit.
“These industries share common traits, a low tolerance for outages and large volumes of sensitive customer and employee data,” he says. “The troubling reality is that despite greater awareness and investment, adversaries are evolving faster than defenders.”
Identity first, always
For Gilliland, the lesson is clear: the world has “taken a step backwards” and must double down on identity security to regain ground. “Nation-state actors are becoming more sophisticated, more automated and more identity-driven,” he concludes. “If we don’t treat identity as the first line of defence, we’ll continue to lose ground in a fight that’s only becoming more complex.”
RELATED STORIES
