Cyber warfare is no longer limited to geopolitics. What was once primarily a concern for government agencies and defense contractors is now a reality for enterprises across every industry. In March 2026, an Iranian-linked hacking group, Handala, claimed to have wiped over 200,000 systems, servers and mobile devices at Stryker — a medical technology company with no direct connection to geopolitical conflict — by exploiting a legitimate endpoint management tool inside the company’s environment.
This is the reality enterprises must now prepare for. Organizations are being targeted regardless of their proximity to conflict, and the assumption that only government agencies are at risk has become increasingly dangerous. The cyber attack surface has expanded, tactics continue to evolve and enterprise security posture must evolve with them.
How cyber warfare is reaching enterprises
The tactics driving modern cyber warfare are no longer aimed solely at federal targets. Nation-state actors increasingly target enterprises as a pathway to broader disruption, whether to access supply chains, exfiltrate sensitive data or cause collateral damage across interconnected infrastructure. At the same time, criminal threats have scaled independently. AI automation has made sophisticated attacks cheaper and faster to execute, and Ransomware-as-a-Service (RaaS) platforms have turned what once required significant resources into an accessible playbook. AI-generated phishing campaigns and autonomous attack tooling are now standard, not exceptions. Enterprises are facing both threats simultaneously, and the defenses required to address them overlap significantly.
The supply chain dimension makes this particularly dangerous. A single compromise can affect every enterprise connected to it, and many of those organizations never considered themselves a target. That assumption is exactly what attackers rely on. Enterprises are not bystanders; they are often the pathway through which attacks succeed at scale. Access to an enterprise network means access to customers, partners, sensitive data and financial systems. Any organization embedded in a complex supply chain can become an attack vector.
Enterprises underestimate the impact of identity on the attack surface
In most large-scale cyber attacks, compromised identities are the primary targets. Cyber attackers use techniques like password spraying and credential harvesting to breach organizations across industries, including healthcare and financial services. In many cases, the entry point can be traced back to a compromised identity, including Non-Human Identities (NHIs) such as service accounts and AI agents.
Keeper Security’s research report, Identity Security at Machine Speed, reinforces this trend, finding that legacy tools and unchecked AI adoption are accelerating identity-based attacks at a pace that many organizations cannot address. In fact, 43% of the 3,200 cybersecurity decision-makers surveyed globally identify AI-related NHI management as a top gap in identity governance. Service accounts with stale permissions, API keys embedded in code repositories and AI agents provisioned outside established governance processes are all gaps cyber attackers exploit, and most organizations don’t have clear visibility into how many of these exist in their environments.
Legacy PAM wasn’t designed for this environment
Most enterprises still govern privileged access using an architecture designed for an earlier era of on-premises environments, human administrators and fixed network perimeters. That model no longer reflects how modern enterprises actually operate. Organizations must now account for cloud-native environments, distributed workforces, third-party integrations and AI-driven workflows that have dissolved the perimeters legacy Privileged Access Management (PAM) solutions were designed to protect. AI agents, service accounts and other machine identities often remain outside the scope of those legacy solutions.
The gap isn’t just technical; it’s structural. Organizations that haven’t revisited their PAM architecture in the last 3 years are likely governing only a fraction of their actual privileged-access footprint.
What enterprises must do differently to stay secure
For most enterprises, the gap between their current security posture and what the threat environment demands is wider than it appears. Closing that gap requires a stronger focus on zero-trust security, PAM and least-privilege access.
Adopt zero-trust security
Zero-trust security is built on the principle that no user, device or system is implicitly trusted, regardless of whether it operates inside or outside the network perimeter. Access is granted through continuous verification of identity, context and risk, and revoked as soon as verification fails. For enterprises facing attackers who move laterally through environments using legitimate credentials, zero trust provides a stronger security model by ensuring every authentication decision is continuously validated rather than assumed.
Extend PAM to NHIs
PAM that stops at human users does not manage all privileged access; it governs only part of it. Administrative and machine-level access to AI training data, deployment environments and critical production systems must be managed with the same level of control applied to privileged human accounts. In practice, that means having unique, verifiable identities for every service account and AI agent, enforced access boundaries and zero standing privileges.
Enforce least-privilege access
Overpermissioning is generally addressed retroactively through periodic access reviews. Least-privilege access should instead be embedded directly into development and deployment pipelines from the beginning so human and machine identities are provisioned with only the access required for a specific task — nothing more. Preventing unauthorized access at the point of provisioning is much more effective than trying to contain a supply chain compromise after the fact.
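One way to enforce least privilege and zero standing privileges at provisioning time is a pipeline gate that reviews every access request for a service account or AI agent before it is granted. The following is an added example, not code from the article or from any Keeper product; the task catalogue, action names, request fields and the eight-hour lifetime limit are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy for this example: no grant to a machine identity outlives one task run.
MAX_GRANT_LIFETIME = timedelta(hours=8)

# Constructed task catalogue: the only actions each pipeline task is expected to need.
TASK_SCOPES = {
    "deploy-web": {"registry:pull", "cluster:deploy"},
    "train-model": {"dataset:read", "artifact:write"},
}

def review_grant(request, now):
    """Return findings for one access request; an empty list means it may be provisioned."""
    findings = []
    if not request.get("identity") or not request.get("owner"):
        findings.append("missing unique identity or accountable owner")
    allowed = TASK_SCOPES.get(request.get("task"), set())
    for action in request.get("actions", []):
        if "*" in action:
            findings.append(f"wildcard action {action}")
        elif action not in allowed:
            findings.append(f"action {action} not required by task {request.get('task')}")
    expires = request.get("expires_at")
    if expires is None:
        findings.append("no expiry: standing privilege")
    elif expires - now > MAX_GRANT_LIFETIME:
        findings.append("expiry exceeds maximum grant lifetime")
    return findings

NOW = datetime(2026, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the example

# Constructed requests: one task-scoped and short-lived, one over-permissioned AI agent.
SCOPED = {"identity": "svc-deploy-web", "owner": "platform-team", "task": "deploy-web",
          "actions": ["registry:pull", "cluster:deploy"],
          "expires_at": NOW + timedelta(hours=1)}
OVERBROAD = {"identity": "agent-7", "owner": None, "task": "train-model",
             "actions": ["dataset:*", "cluster:deploy"], "expires_at": None}

if __name__ == "__main__":
    for req in (SCOPED, OVERBROAD):
        result = review_grant(req, NOW)
        print(req["identity"], "APPROVE" if not result else f"REJECT {result}")
```

Run as a required pipeline step, a non-empty findings list fails the build, so the over-permissioned grant is never created and there is nothing for a later access review to claw back.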
Monitor and audit all activity
Full visibility isn’t optional when cyber attackers can operate within environments using compromised yet legitimate credentials. Human and NHI activity must be continuously monitored, recorded and logged across all privileged sessions and automated workflows. The goal is to detect privilege misuse, data exposure and suspicious behavior before incidents escalate and cause broader damage.
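The password spraying mentioned earlier is one pattern this monitoring should surface: a single source failing against many accounts with few attempts each, sometimes followed by a successful login. The following is an added detection example, not code from the article; the log format, sample lines and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2026-01-01T09:00:05 203.0.113.10 alice FAIL
2026-01-01T09:00:40 203.0.113.10 bob FAIL
2026-01-01T09:01:10 198.51.100.7 alice FAIL
2026-01-01T09:01:15 203.0.113.10 carol FAIL
2026-01-01T09:01:30 198.51.100.7 alice FAIL
2026-01-01T09:01:50 203.0.113.10 dave FAIL
2026-01-01T09:02:05 198.51.100.7 alice FAIL
2026-01-01T09:02:25 203.0.113.10 svc-backup FAIL
2026-01-01T09:02:40 198.51.100.7 alice OK
2026-01-01T09:03:00 203.0.113.10 svc-report OK
"""

def parse(log):
    """Turn log lines into time-ordered (timestamp, source, account, outcome) tuples."""
    events = []
    for line in log.splitlines():
        ts, src, account, outcome = line.split()
        events.append((datetime.fromisoformat(ts), src, account, outcome))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Flag sources failing against many accounts, few tries each, inside one window."""
    fails = defaultdict(list)
    for ts, src, account, outcome in events:
        if outcome == "FAIL":
            fails[src].append((ts, account))
    alerts = {}
    for src, attempts in fails.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward
            per_account = Counter(acct for _, acct in attempts[start:end + 1])
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                first_seen = attempts[start][0]
                # Successful logins from the same source are likely compromised identities.
                hits = sorted({a for ts, s, a, o in events
                               if s == src and o == "OK" and ts >= first_seen})
                alerts[src] = {"targeted": sorted(per_account), "succeeded": hits}
                break
    return alerts
```

On the sample, the source that repeatedly fails against one account is not flagged, while the source that touches five accounts once each is, and the service account it then logged in to is reported for credential rotation and session review.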
Demand supplier assurance
An enterprise’s security posture is only as strong as the weakest link in its supply chain. Any vendor with access to your infrastructure through data, software or integrations can become an entry point for attackers. Self-attestation is not enough. Suppliers should be required to demonstrate compliance through independent assessments and verifiable controls.
Prepare for cyber warfare’s collateral damage
Cyber warfare reaching enterprises is nothing new. What has changed is the level of automation behind these attacks and the scale at which they can now operate. There is no practical reason to assume an enterprise will be overlooked. Organizations must evaluate whether their current security strategy is equipped to withstand modern cyber threats. If your organization still operates with tools that were never designed for cloud-native environments or NHIs at scale, the governance gap in identity access and supply chain security may be wider than it appears. KeeperPAM is built to help close that gap.