Daily Insight: Identity | Credential Half-Life as Enterprise Liability
CybersecurityHQ | Daily Cyber Insight

Welcome reader, here’s today’s Daily Cyber Insight.
CybersecurityHQ provides analyst-grade cyber intelligence used by CISOs and security leaders inside the Fortune 100. Each briefing identifies structural security failures and decision breakdowns across identity, machine trust, third-party access, and enterprise attack surfaces. This work exists to inform executive judgment, not to react to headlines.
Signal
Between April and June 2024, a coordinated campaign compromised ~165 Snowflake customer environments. Per Mandiant, over 80% of affected accounts had credentials exposed via infostealers years earlier, some dating back to 2020. None had MFA enabled. Nearly two years later, there is no evidence that enterprise credential half-life has materially shortened.

Assumption Retired
"Credential hygiene is a user problem." The Snowflake campaign demonstrated that credential exposure is an organizational time-bomb. Credentials compromised years earlier remained valid, unmonitored, and exploitable long after the employees who created them had moved on.

Insight
Identity failure is no longer about how credentials are stolen. It is about how long organizations allow stolen credentials to remain usable. Time, not attacker sophistication, is the dominant multiplier.

Unresolved Edge
If credentials exposed in 2020 remain valid in 2025, what is the actual half-life of enterprise identity compromise, and who owns liability for credentials that outlive both employees and security leadership?