The 22nd annual campaign shows the growing threat of identity-based attacks and calls on governments and businesses to strengthen their cyber defenses.
Cybersecurity Awareness Month 2025 marks a renewed push to address threats to US infrastructure by urging a shift in focus toward identity protection. Led by the Cybersecurity and Infrastructure Security Agency (CISA) under the theme “Building a Cyber Strong America,” the campaign targets government bodies and small-to-medium businesses that operate or support main services. CISA is encouraging all organizations, especially those with limited resources, to take practical steps to secure identities, manage access, and modernize authentication.
This year’s message moves beyond awareness and focuses on action. Identity remains the most commonly exploited entry point for attackers. Despite major investments in perimeter security tools, the majority of breaches still begin with stolen or misused credentials. Remote work, SaaS expansion, and cloud environments have erased traditional network boundaries, making every login a potential vulnerability.
According to industry data, over 70% of security breaches involve compromised identities, often via phishing, credential theft, or misuse of privileged accounts. These attacks are usually difficult to detect because they mimic legitimate user behavior.
To counter this, organizations are being urged to adopt a more proactive and integrated approach to identity security. These strategies include:
CISA stated that protecting identities must become a strategic priority, not just an IT compliance checkbox. The agency’s guidance frames identity security as a national resilience issue. It notes that while cyber awareness is necessary, lasting protection requires organizations to treat identity as the foundation of their defense strategy.
Industry experts echo this sentiment. Many now view identity-based attacks not as edge cases, but as the default method of entry for threat actors.
Findings from the Paubox 2025 Healthcare Email Security Report mirror CISA’s message: identity and email remain the biggest weak points across industries. In healthcare alone, 180 breaches in 2024 were traced back to compromised inboxes, and nearly one in three affected organizations had multiple unpatched security gaps. Fewer than five percent of phishing attempts were reported by employees, showing how often attackers succeed simply by targeting people instead of systems.
The HHS Office for Civil Rights has warned that waiting for an incident to expose compliance failures is no longer acceptable. The growing wave of identity-based attacks poses a “direct and significant threat to patient safety,” but the same lesson applies to every sector. As CISA’s campaign stresses, protecting identities through least privilege access, continuous monitoring, and phishing-resistant authentication is now the foundation of every modern cybersecurity defense.
As more systems migrate to the cloud and users work remotely, traditional network perimeters have dissolved. This makes individual login credentials and identity access points the most direct and scalable targets for attackers.
Phishing-resistant methods (such as passkeys or hardware tokens) eliminate shared secrets like passwords, making them less vulnerable to interception or social engineering.
Non-human identities include service accounts, APIs, and machine credentials used by software or devices. These are often over-permissioned and poorly monitored, making them a soft target for attackers.
Start by identifying which users and accounts have excessive permissions, then reduce access to only what’s needed for specific roles. Automated role-based access tools can help maintain this over time.
Lifecycle management ensures that user access is updated or removed as roles change, such as when someone joins, changes positions, or leaves the organization. Poor management often leads to orphaned or over-provisioned accounts, which attackers can exploit.