The Crumbling Wall of Traditional Verification “One of the biggest challenges for service desk agents,” notes Passera, “is being able to identify if someone is impersonating an employee or is the real employee.” For years, organizations relied on verifying identities by asking for Personally Identifiable Information (PII) – the last four digits of a Social Security number, a mother’s maiden name, the date of birth.However, the era of massive data breaches has rendered this method dangerously obsolete. Vast quantities of PII are readily available on the dark web, allowing attackers to answer these
it’s essential to recognize that the battle to protect enterprise resources has shifted, and why focusing on human behavior has become critical to cybersecurity operations. Technical defenses like firewalls, continuous monitoring and remediation and AI-assisted analytics remain essential tools in that battle.However, malicious actors have found a way around those defenses, using deception and impersonation to prey upon unwitting individuals within organizations and tricking them into sharing their credentials. The latest figures from Verizon’s 2025 Data Breach Investigation Report bear that out. It found that of the 12,195 data breaches the DBIR unit investigated last year, 60% involved human interaction. Credential abuse and social actions, like phishing, were cited as leading factors. That compares to the exploitation of system vulnerabilities, which grew significantly last year but still only accounted for 20% of breaches. What’s changing, says Pablo Passera, vice president of product management and a security expert with Proofpoint, is the growing assault on help desks. Threat actors recognize that service desk agents, tasked with assisting employees and managing access, hold the keys to the kingdom. “A service desk agent can change a password, reset credentials, manage multi-factor authentication (MFA) devices and troubleshoot access issues,” says Passera. A successful impersonation doesn’t just compromise one user; it provides the attacker with the
legitimate tools to escalate privileges, move laterally, access sensitive data like payroll accounts or deploy ransomware, he adds. “So, the service desk is a very valuable target for threat actors right now.” Passera notes that attackers are also using the help desk to trick employees. He described a growing tactic called mail bombing, where an attacker identifies an employee within an organization and subscribes their email address to thousands of newsletters. “Imagine your inbox suddenly has 1,000 welcome emails and then someone impersonating a help desk agent contacts you, saying, ‘Hey, Paul, I’m from the service desk, and we noticed you’re under attack. Click on this link so we can help reslove the issue.’ The employee clicks the link and suddenly they’re compromised.”
“
Not all help desk individuals...have the level of training... or technology and authentication capability built into their Infrastructure right now to stop these types of attacks at scale.
– Ryan Witt, vice president of industry solutions, Proofpoint
26 – 2026 Legislative Edition – Florida Technology Magazine
Powered by FlippingBook