Most SMEs don't get breached because of sophisticated attacks. They get breached because of small, unnoticed identity failures. These are the 12 most common—and most dangerous.
1. Dormant accounts
Former staff, contractors, and interns still have access. These accounts are prime targets for attackers because they're rarely monitored.
2. Privilege creep
People accumulate permissions as they change roles. Over time, someone who started as a marketer might have developer-level access.
3. Shared accounts
No accountability, no audit trail, no security. When something goes wrong, you can't tell who did it.
4. Shadow SaaS
Staff adopt tools without approval or oversight. These tools create unmanaged identity surfaces that attackers love.
5. Inconsistent MFA
Enabled for some systems, forgotten on others. One weak link is all it takes.
6. Unmonitored admin rights
"Temporary" access that becomes permanent. Admin rights granted for a project are never revoked.
7. Policy erosion
Exceptions that become the new normal. "Just this once" becomes "that's how we do it."
8. Identity drift
Roles and permissions no longer match reality. The access someone should have and the access they actually hold have diverged.
9. Weak onboarding/offboarding
Access is granted too broadly when someone joins and removed too slowly (or never) when they leave.
10. Untracked automations
Bots and scripts acting with human-level privileges. These identities often have more access than any person.
11. Vendor access
Third parties with more access than internal staff. When was the last time you reviewed what your accountants or IT support can access?
12. Lack of evidence
Decisions can't be justified in audits or disputes. "We thought it was OK" doesn't fly with regulators.
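Several of these risks can be measured from an ordinary account export. The script below is an added example, not code from the original article; the record layout (a dict per identity with enablement, employment status, last login, MFA and roles) and the 90-day dormancy threshold are assumptions, and the sample accounts are constructed.

```python
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=90)   # assumed threshold for "dormant"
AS_OF = date(2024, 6, 10)            # fixed audit date so the sample is reproducible

# Constructed sample export (assumed layout, not any real product's schema):
# one dict per identity, as a script might build it from IdP plus HR data.
ACCOUNTS = [
    {"user": "alice", "kind": "human", "enabled": True, "employed": True,
     "last_login": date(2024, 6, 1), "mfa": True, "roles": ["marketing"]},
    {"user": "bob", "kind": "human", "enabled": True, "employed": False,
     "last_login": date(2024, 1, 15), "mfa": True, "roles": ["developer", "admin"]},
    {"user": "deploy-bot", "kind": "service", "enabled": True, "employed": True,
     "last_login": date(2024, 6, 2), "mfa": False, "roles": ["admin"]},
    {"user": "acct-vendor", "kind": "vendor", "enabled": True, "employed": True,
     "last_login": None, "mfa": False, "roles": ["finance", "admin"]},
    {"user": "carol", "kind": "human", "enabled": False, "employed": False,
     "last_login": date(2023, 11, 3), "mfa": False, "roles": ["sales"]},
]

def audit(accounts, today):
    """Return {risk_name: sorted user names}. Disabled accounts are skipped:
    they are already offboarded and cannot be used to log in."""
    findings = {"dormant": [], "offboarding_gap": [], "no_mfa": [],
                "privileged_automation": [], "privileged_vendor": []}
    for a in accounts:
        if not a["enabled"]:
            continue
        last = a["last_login"]
        # 1. Dormant: never logged in, or idle for longer than DORMANT_AFTER.
        if last is None or today - last > DORMANT_AFTER:
            findings["dormant"].append(a["user"])
        # 9. Offboarding gap: HR says the person left, account still enabled.
        if a["kind"] == "human" and not a["employed"]:
            findings["offboarding_gap"].append(a["user"])
        # 5. Inconsistent MFA: interactive (human or vendor) accounts without it.
        if a["kind"] != "service" and not a["mfa"]:
            findings["no_mfa"].append(a["user"])
        # 10. Untracked automations: a service identity holding admin rights.
        if a["kind"] == "service" and "admin" in a["roles"]:
            findings["privileged_automation"].append(a["user"])
        # 11. Vendor access: a third party holding admin rights.
        if a["kind"] == "vendor" and "admin" in a["roles"]:
            findings["privileged_vendor"].append(a["user"])
    return {k: sorted(v) for k, v in findings.items()}

def run_sample():
    return audit(ACCOUNTS, AS_OF)

if __name__ == "__main__":
    for risk, users in run_sample().items():
        print(f"{risk}: {', '.join(users) or '-'}")
```

Each finding maps back to a numbered risk above, which is also the evidence trail risk 12 asks for: the output records why an account was flagged on a given date.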
Why these risks persist
SMEs don't have the time, tools, or visibility to manage identity properly. The result is a slow accumulation of risk that eventually becomes a breach.
How SMEs can fix them
The solution isn't more tools—it's a unified identity fabric that makes these risks visible, measurable, and manageable.