What happens when the biggest cybersecurity weakness inside your organization isn’t your infrastructure, but the people using it every day?
In this episode of Business of Cybersecurity, I speak with David Cottingham, president of rf IDEAS, about why identity has become one of the most targeted attack surfaces in modern business. From phishing attacks powered by AI to the growing risks tied to compromised credentials, David explains why traditional password habits continue to expose organizations across healthcare, manufacturing, finance, and enterprise environments.
Our conversation looks at the uncomfortable reality that while businesses have spent years hardening infrastructure, attackers have shifted their attention toward human behavior. David shares why fully passwordless environments may still be out of reach for many organizations, but why the move toward stronger authentication methods, secure second factors, mobile credentials, passkeys, and biometric workflows is already reshaping how businesses think about trust and access.
We also discuss the growing tension between stronger security and employee productivity. From clinicians accessing patient records in hospitals to workers authenticating on factory floors, David explains why security tools only succeed when they fit naturally into real-world workflows. The episode also explores the convergence of physical and logical security, the dangers of outdated proximity cards, and how layered security strategies still matter in an age shaped by AI-driven threats.
Along the way, David shares what he’s hearing from organizations at industry events, why many leaders feel overwhelmed by identity decisions, and how companies can future-proof their authentication strategies without disrupting existing systems overnight.
If identity is now the new perimeter, how should organizations rethink trust before the next breach forces the conversation?