Delinea | Privileged Access Management Blog

Defend Against Ransomware with Least Privilege Access

Written by Pierre Mouallem | Jul 10, 2025 12:00:00 PM

The corporate attack surface has expanded exponentially over the last few years due to the proliferation of remote working, cloud assets, internet of things (IoT) devices, and emerging technologies like agentic artificial intelligence (AI). This expansion offers increased opportunities for cyber threats, particularly ransomware, to permeate organizational defenses.

Recent research from Delinea's 2025 State of Ransomware Report shows that many firms are taking a reactive approach to ransomware attacks, rather than focusing on how to prevent them from happening.

Least privilege is underused

One critical reason ransomware actors are thriving is that many firms do not have an identity-first security strategy. For example, only 34% of organizations have adopted a least privilege approach, which is a key element of an identity-first approach.

Least privilege is a best practice security principle that stipulates that access rights for users and machines are limited to those absolutely necessary to perform their functions. When properly implemented, a least privilege approach significantly shrinks the potential attack surface for ransomware by restricting access that could be exploited by unauthorized users or software.

Why least privilege in ransomware defense matters

Why is adopting a least privilege posture so vital in the context of ransomware? At its core, it minimizes the blast radius of an attack by ensuring that the infection from a compromised account or system doesn't spread unchecked across the network. This is achieved by:

  • Preventing users from installing unauthorized applications that could serve as entry points for ransomware.
  • Blocking the pathways for lateral movement within the network to contain the spread and impact of an attack.
  • Restricting the access granted to third-party suppliers, who might be compromised.

Least privilege is a cornerstone of the zero-trust model and is highly effective when integrated with strategies like Segregation of Duties (SoD), Privileged Access Management (PAM), multi-factor authentication (MFA), and AI-powered analytics. Zero trust operates on the premise that trust should never be assumed, either inside or outside the network, and that authentication is continuously required.

How to overcome challenges implementing least privilege

Despite its benefits, least privilege adoption is fraught with challenges, particularly in large organizations where permissions management needs to be meticulously handled across thousands of users and machines. The complexity of continuously managing these permissions can be daunting.

A mature Identity and Access Management (IAM) program can help firms overcome these challenges. A robust IAM program should define and regularly audit roles and responsibilities tied to user access. Organizations can rely on tools like Cloud Infrastructure Entitlement Management (CIEM) and Identity Threat Detection and Response (ITDR). These tools are designed to help organizations continuously monitor and manage privileged accounts and respond to incidents swiftly. They play a crucial role in the discovery, management, and protection of identity and access permissions.

Moreover, incorporating governance over an IAM program ensures a balanced approach that integrates people, processes, and technology. This holistic approach is essential for ensuring that the security measures are not only technically effective but also aligned with the organizational culture and operational needs.

Moving towards a secure future

The journey towards adopting a least privilege model is complex and requires a strategic blend of technology, governance, and continuous management. However, the benefits far outweigh the challenges in a rapidly changing ransomware threat landscape. By reducing the attack surface and securing identity and access management, organizations can significantly enhance their defensive postures against such threats.

Download the Delinea 2025 State of Ransomware Report for deeper insights into current threats and how identity-first security can help protect your organization.