Droplet warns UK that identity-based cyber defences fail
Droplet has warned that organisations face growing cyber risk from state-backed and politically motivated attackers, and questioned whether common identity-based controls can withstand a sustained campaign.
The warning comes amid heightened public discussion about cyber activity linked to Iran and wider regional tensions. UK intelligence and security bodies have advised organisations to prepare for potential disruption. Separately, reports suggest Iran's cyber command structure may itself have been targeted, though the impact on future activity remains unclear.
Barry Daniels, Droplet's chief executive, said organisations should assume hostile actors already have valid credentials, which changes the nature of the security challenge. In his view, attackers increasingly gain access by passing trusted identity checks rather than by exploiting technical weaknesses.
"The digitisation of war and international conflict is nothing new; however, with the increased threat of cyber criminals looking to penetrate Critical National Infrastructure (CNI), their approach shifts from commercial benefit to national shutdown," Daniels said.
Identity under strain
Many organisations rely on identity and access controls as a primary security layer, including Multi-Factor Authentication, Single Sign-On, Zero Trust Network Access, and Identity and Access Management. Businesses have invested heavily in these approaches over the past decade, often alongside endpoint protection and network security tools.
Droplet argues these controls share a common assumption: identity verification sits at the centre of access decisions. Daniels said that the model encourages attackers to focus on credentials and session tokens, rather than exploiting infrastructure.
"When it comes to identity-based security models such as Multi Factor Authentication (MFA), Single Sign On (SSO), Zero Trust Network Access (ZTNA) and Identity and Access Management (IAM), these have all been built on a single premise: verify a user's identity and grant access - in effect, checking the peephole and letting someone in through the front door," Daniels said.
Identity theft remains one of the most common routes into corporate networks. Attackers use phishing, malware, credential stuffing, and social engineering. They also exploit weak password practices and credential reuse across services. Access brokers buy and sell corporate logins, and some credentials remain valid long after a breach.
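The credential-stuffing pattern described above (many different accounts tried from one source, sometimes followed by a success once a reused password hits) leaves a recognisable trace in authentication logs. The following is an added example in Python, not code from Droplet or this article; the log format, the sample lines, the five-minute window and the five-account threshold are constructed assumptions for illustration.

```python
"""Flag credential-stuffing bursts in authentication logs.

Added example: the log format "ISO-timestamp user source_ip result" and the
sample lines below are constructed for illustration, not taken from any
real system.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. One source tries seven accounts in seven seconds
# and lands one success; a second source is a single user retrying; the
# third is ordinary activity.
SAMPLE_LOG = """\
2024-05-01T10:00:01 alice 203.0.113.7 FAIL
2024-05-01T10:00:02 bob 203.0.113.7 FAIL
2024-05-01T10:00:03 carol 203.0.113.7 FAIL
2024-05-01T10:00:04 dave 203.0.113.7 FAIL
2024-05-01T10:00:05 erin 203.0.113.7 FAIL
2024-05-01T10:00:06 frank 203.0.113.7 FAIL
2024-05-01T10:00:07 grace 203.0.113.7 SUCCESS
2024-05-01T10:00:10 alice 198.51.100.4 FAIL
2024-05-01T10:00:40 alice 198.51.100.4 FAIL
2024-05-01T10:01:10 alice 198.51.100.4 SUCCESS
2024-05-01T11:30:00 heidi 192.0.2.9 SUCCESS
"""


def parse_log(text):
    """Parse log lines into (timestamp, user, source_ip, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result == "SUCCESS"))
    events.sort(key=lambda e: e[0])
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Return {source_ip: finding} for sources that failed logins against at
    least `min_users` distinct accounts inside any `window`-long span.

    A finding records how many accounts were targeted in the worst window and
    which accounts succeeded inside it; a success inside a burst is the case a
    responder cares about most, because it means a stolen or reused password
    has just been confirmed valid.
    """
    by_ip = defaultdict(list)
    for ts, user, ip, ok in events:
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so evs[start:end+1] spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            failed_users = {u for _, u, ok in span if not ok}
            if len(failed_users) < min_users:
                continue
            succeeded = sorted({u for _, u, ok in span if ok})
            previous = findings.get(ip)
            if previous is None or len(failed_users) >= previous["targeted"]:
                findings[ip] = {"targeted": len(failed_users),
                                "succeeded": succeeded}
    return findings


if __name__ == "__main__":
    for ip, finding in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, finding)
```

The single-user retry from 198.51.100.4 is deliberately not flagged: a legitimate user mistyping a password looks nothing like one source walking a list of accounts, and the distinct-account count is what separates the two. A success surfacing inside a flagged burst is the signal to treat that account's credentials as compromised rather than merely attacked.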
Daniels said this history matters in a geopolitical context because stolen credentials can be held and used during a crisis. "This gives all the power to identity, which is so easy to fool, making it a primary target for those leading cyber warfare efforts. They no longer need to break into architectures because they already hold the identity keys to the organisation. Having previously stolen the relevant credentials - potentially some time ago while waiting for the right opportunity - trust itself becomes weaponised. And instead of being unable to buy a new pair of jeans or a car, the results could be far more devastating. If homes and businesses lose access to the internet or energy utilities, being cut off can and will instill panic nationally," he said.
Layered defence
Droplet argues security teams should raise the barrier to access inside the environment, rather than add more perimeter controls or expand the number of suppliers. Daniels described this as increasing the number of "keys" required to reach systems and applications, while keeping the architecture manageable.
"Mitigating this risk needn't take considerable time or expense. Instead, organisations should increase their security layers - but not the number of security vendors they work with. By increasing the number of keys needed to access an architecture, organisations can build a more robust, proactive defence. With CNI under particular scrutiny and the risk of downtime reduced, it also helps the business - and the country - remain operational," Daniels said.
Droplet sells a product called Droplet NeverTrust, described as a container-based security product that does not rely on identity-based protection to shield servers and applications. The company says the product can sit across the seven-layer OSI model and allow legacy applications to run in modern environments without re-platforming or code changes.
Operators of critical national infrastructure have tightened cyber controls in recent years following attacks and attempted intrusions against energy, utilities, transport, healthcare, and government suppliers. Many now assess cyber resilience alongside operational safety, focusing on segmentation, access governance, recovery planning, and incident response.
Daniels said the right architecture assumes compromise and reduces the value of credentials, adding that he has seen the approach used in the UK's critical national infrastructure sector.
"Such an approach is only possible when they build their IT security architecture around a 'never trust' strategy. Having seen first-hand this approach work for major UK-based CNI in thwarting a nation state attack, it is now of national importance that others see how building a multi-layered defence from the inside out, rather than the outside in, will reduce the threat of cyber warfare that is knocking on the door," Daniels said.