Identity has moved from the sidelines to the centre of the security playbook – a key point highlighted by Mike Reddie, Okta’s vice-president and general manager for ANZ, who stepped into the role earlier this year after a successful run at ServiceNow.
“Humans are the weak link, and passwords are completely unmanageable and insecure at the scale we use them,” Reddie told the iTnews podcast, Building Trust in the Age of Identity Chaos.
Reddie said identity has become the front door for attackers, citing a year where 16 billion passwords leaked online and Australian organisations continue to rely heavily on weak login habits.
“Most of the major breaches we’re seeing now aren’t about sophisticated hacks. They’re about people walking straight through the front door with valid credentials.”
Passwords, Pressure, and the Boardroom
Reddie pointed to Okta’s 2025 Customer Identity Trends Report, which found 76% of organisations still depend on passwords, and 67% of people reuse them. “That highlights the problem in itself,” he said. “We need to move beyond passwords. It’s time for the next horizon of how we secure data and applications.”
But it’s not just usability that’s at stake. Regulatory frameworks such as CPS 230 and CPS 234 in financial services, and IRAP assessments across government, are driving identity to the top of board agendas.
“This is absolutely a board-level subject,” Reddie stressed. “The reporting requirements are ongoing and increasing, and CIOs and CISOs need to articulate the business value of identity security in a way that resonates with boards, not just tech teams.”
AI, Non-Human Identities, and New Attack Surfaces
Indeed, the rise of AI is reshaping identity threats at pace. “AI is empowering bad actors. It makes them smarter, more capable, and the scale of risk increases exponentially,” Reddie said.
He warned that organisations need to be prepared for the explosion of human and non-human identities — from bots to AI agents — that now need the same governance as human logins. “Identity gives AI systems accountability. We need to know which AI agents have scopes, permissions, logged access, and real-time revocation if needed,” he said.
A recent example, the “EchoLeak” in Copilot, highlights how quickly new threats emerge as AI adoption accelerates across both consumer and enterprise environments.
Balancing Trust and Experience
Okta’s research also revealed that 74% of consumers rank brand trust above product value, and 36% of Gen Z abandon purchases due to login friction.
“People want seamless, frictionless experiences. Security can’t come at the cost of usability,” Reddie said. Adaptive authentication, he explained, allows organisations to “tighten controls when risk is high, and lower friction when a user is recognised and trusted.”
Building Culture and Resilience
Beyond technology, Reddie said that cyber resilience is as much about culture as controls.
“If people see security as a blocker, they’ll work around it,” he said.
“Identity is the intersection of people and technology, and culture is foundational. It comes down to how employees behave with passwords, devices, and even how they walk through a secure door.”
What’s Next?
Looking ahead 12–18 months, Reddie expects three shifts to dominate:
- Passkey adoption replacing passwords.
- Board and regulatory pressure intensifying.
- Non-human identity management becoming mission critical.
“Identity is the foundation of trust,” Reddie said. “So if there’s one takeaway, it’s that every breach you read about today brings it back to the same point: identity must be at the centre of every organisation’s security strategy.”
Source link
