Help desks emerge as cybersecurity weak spot amid rising attacks
IT help desks are being highlighted as a key vulnerability in enterprise security as experts call for improved identity verification methods to counter social engineering attacks during Cybersecurity Awareness Month.
Industry leaders are drawing attention to the importance of shifting both culture and technology to address an evolving threat landscape, citing the exploitation of high-pressure help desk situations by cyber attackers and the need for more resilient and proactive strategies.
Help desk under pressure
Bojan Simic, Chief Executive of HYPR and a FIDO Alliance board member, warns that IT help desks are increasingly targeted by attackers using social engineering tactics. These tactics often involve leveraging stressful scenarios, such as an executive locked out of their account just before boarding a flight, to pressure help desk agents into bypassing or overlooking security protocols.
Simic emphasises that reliance on security questions, SMS codes, or employee IDs can leave organisations exposed: the answers can be researched or leaked, codes can be phished or relayed, and an employee ID is an identifier rather than a secret. He points out that attackers exploit the human-driven nature of help desk operations, where urgency and pressure make it easy for an agent to skip a step.
"The help desk shouldn't be the weakest link; it should be the first line of defence. That means moving beyond guesswork and adopting identity verification that confirms who someone is, versus what they know or the device they're using. With phishing-resistant, standards-based verification built into support workflows, agents stop being human lie detectors and start being defenders," said Simic.
Simic advocates the adoption of phishing-resistant verification aligned with standards such as NIST Identity Assurance Level 2 (IAL2, defined in NIST SP 800-63A), aiming to move organisations beyond traditional knowledge-based authentication whose answers, in many cases, are already known to threat actors.
He notes that addressing these gaps not only protects critical business functions but also ensures that help desk agents are empowered to act confidently, without needing to compromise security for the sake of expediency.
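As an added illustration, not code from HYPR, the FIDO Alliance or any of the article's sources, the following Go program sketches the kind of support workflow Simic describes. The agent issues a challenge bound to the ticket and the service origin, the caller's enrolled authenticator signs it, and the help desk verifies the signature against the key enrolled for the account at onboarding, never a key the caller supplies on the call. Security questions, SMS codes and employee IDs are refused outright, and a claim of urgency is recorded but cannot change the decision. The ticket IDs, the origin, and the use of a plain Ed25519 signature as the "phishing-resistant assertion" are assumptions standing in for a FIDO/WebAuthn deployment; a production system would use the browser's WebAuthn API with origin checking done by the client and attestation at enrolment, which this stand-alone program does not implement.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Method is how a caller offers to prove who they are to the help desk.
type Method int

const (
	MethodSecurityQuestion Method = iota // something they know; often guessable or leaked
	MethodSMSCode                        // something sent to a phone number; SIM-swappable, relayable
	MethodEmployeeID                     // a static identifier, not a secret
	MethodSignedChallenge                // signature from the authenticator enrolled at onboarding
)

// Challenge is issued by the agent for one ticket. The ticket ID and service
// origin are part of the signed bytes, so an assertion obtained for another
// ticket or for a look-alike domain will not verify against this one.
// (Field values in main are illustrative assumptions.)
type Challenge struct {
	TicketID string
	Origin   string
	Nonce    [32]byte
	Expires  time.Time
}

// NewChallenge mints a fresh challenge valid for ttl measured from now.
func NewChallenge(ticketID, origin string, now time.Time, ttl time.Duration) (Challenge, error) {
	c := Challenge{TicketID: ticketID, Origin: origin, Expires: now.Add(ttl)}
	if _, err := rand.Read(c.Nonce[:]); err != nil {
		return Challenge{}, err
	}
	return c, nil
}

// Bytes is the canonical message both sides sign and verify. Strings are
// length-prefixed so "ab"+"c" and "a"+"bc" cannot collide.
func (c Challenge) Bytes() []byte {
	var buf bytes.Buffer
	for _, s := range []string{c.TicketID, c.Origin} {
		binary.Write(&buf, binary.BigEndian, uint32(len(s)))
		buf.WriteString(s)
	}
	buf.Write(c.Nonce[:])
	binary.Write(&buf, binary.BigEndian, c.Expires.Unix())
	return buf.Bytes()
}

var (
	ErrExpired   = errors.New("challenge expired")
	ErrSignature = errors.New("assertion does not verify against enrolled key")
)

// VerifyAssertion checks the caller's signature over the challenge using the
// key enrolled for the account, not a key presented during the call.
func VerifyAssertion(enrolled ed25519.PublicKey, c Challenge, sig []byte, now time.Time) error {
	if !now.Before(c.Expires) {
		return ErrExpired
	}
	if !ed25519.Verify(enrolled, c.Bytes(), sig) {
		return ErrSignature
	}
	return nil
}

// Decide applies the help-desk policy to a credential-reset request. Only a
// verified phishing-resistant assertion approves the reset; the urgent flag is
// noted in the reason for the audit trail but never changes the outcome.
func Decide(m Method, urgent bool, assertionErr error) (approved bool, reason string) {
	tag := ""
	if urgent {
		tag = " (caller claimed urgency; ignored by policy)"
	}
	if m != MethodSignedChallenge {
		return false, fmt.Sprintf("denied: method %d is knowledge- or possession-based; escalate for supervised re-proofing%s", m, tag)
	}
	if assertionErr != nil {
		return false, "denied: " + assertionErr.Error() + tag
	}
	return true, "approved: phishing-resistant assertion verified" + tag
}

func main() {
	// Enrolment: the authenticator's public key is stored with the account.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	c, _ := NewChallenge("HD-1042", "https://support.example.internal", now, 5*time.Minute)

	// Legitimate caller under pressure: their authenticator signs the ticket-bound challenge.
	ok, why := Decide(MethodSignedChallenge, true, VerifyAssertion(pub, c, ed25519.Sign(priv, c.Bytes()), now))
	fmt.Println(ok, why)

	// Attacker applying pressure with an SMS code phished from the victim.
	ok, why = Decide(MethodSMSCode, true, nil)
	fmt.Println(ok, why)
}
```

The two properties worth noting are that the policy decision depends only on the verification result, so an agent cannot be talked into approving a reset on the strength of a story, and that the signed message carries the ticket ID, origin, nonce and expiry, so a signature captured from one support interaction cannot be replayed in another or relayed through a look-alike support site.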
Cultural change in security mindset
Alongside the technological solutions, cybersecurity leaders highlight the need for cultural transformation within organisations. Elyse Gunn, Chief Information Security Officer at Nasuni, argues that the most significant change in cybersecurity is not technological, but cultural. Gunn states that organisations must move beyond simply avoiding risk, and instead learn to harness it with robust controls and open dialogue.
"The greatest innovation in cybersecurity today is not a tool or a technology. It's a cultural shift - a deliberate move to harness risk rather than avoid it. That means saying, 'Let's see how we can make this work, safely and with the right controls,' instead of defaulting to no. This mindset does more than reduce risk. It builds competitive advantage. When teams know they can bring ideas to the CISO and be met with an open mind, it builds trust and unlocks collaboration. Security becomes a partner in innovation and progress. The alternative? Shadow IT, insecure workflows, and risks that surface only after damage is done. Saying no does not eliminate risk; it simply drives it underground," said Gunn.
Gunn's comments reflect a growing recognition that security must be embedded in the organisational culture, with an emphasis on collaboration, transparency, and partnership between innovation teams and security leaders. This approach is believed to not only improve security outcomes but also foster innovation and resilience.
Risks, responsibilities and new technologies
Kevin Landt, Vice President of Product for Cybersecurity at Thrive, notes that the responsibility for cybersecurity now extends well beyond the IT team and must be regarded as an imperative at the board level. He highlights the potentially catastrophic financial and reputational damage caused by cyber breaches, especially as attack methods become more sophisticated with the advancement of artificial intelligence.
Landt recommends a layered approach to cybersecurity, beginning with a thorough assessment of vulnerabilities, implementing effective risk controls, and clearly delineating roles and responsibilities for threat identification and incident response.
Humans remain the primary vulnerability in most cyberattacks, Landt says. However, organisations are increasingly deploying effective training programmes designed to equip staff with the skills to recognise threats, including those enabled by AI, such as deepfakes and tailored phishing emails. Concurrently, companies are fighting fire with fire by using AI-powered defences capable of detecting sophisticated attack methods created using similar technologies.
Landt argues that with a blend of robust training, state-of-the-art technologies, and strategic partnerships, businesses can position themselves to anticipate threats and respond with agility, building the resilience needed to minimise operational and data risks.
Proactive steps for enterprise security
There is a consensus among security leaders that dealing with modern cyber threats involves both investment in technology, such as phishing-resistant, standards-based authentication, and the cultivation of open, risk-aware cultures where security is a business enabler rather than a cost centre.
As Cybersecurity Awareness Month prompts organisations to assess and strengthen their security postures, experts urge enterprises to reexamine their help desk procedures, invest in employee training tailored to emerging threats, and adopt a mindset that treats security as a shared organisational responsibility.