Organizations are heavily investing in zero trust, a security framework that requires strict verification and ongoing monitoring of every user, device, and application. As of 2025, the size of the zero trust market is estimated at $38.37 billion USD and is projected to grow to $86.57 billion USD by 2030. Investments include not only tools but also organizational transformation, policy overhaul, and long-term architectural changes. 

When combined with strong, phishing-resistant multi-factor authentication (MFA) and AI-powered threat detection, a move toward zero trust will significantly enhance cybersecurity. However, help desks often lack robust identity verification, creating a critical vulnerability.

Help desks are often the first line of defense for malicious identity verification activity, yet are among the most under-protected entry points in the enterprise. Attackers treat it not as a support function but as a security weakness. 

Instead of brute-forcing logins or guessing passwords, cybercriminals call in, impersonate employees, and gain access. All it takes is a convincing story, a spoofed caller ID, and the helpfulness of an agent trying to assist someone in getting back to work. 

The Marks & Spencer breach and the 2023 MGM Resorts attack highlight this issue. The group Scattered Spider turned social engineering into a science. They impersonated staff, bypassed weak protocols, and caused massive disruption. They exploited outdated workflows, studying organizations and mimicking internal language to deceive help desks. In the MGM attack, their help desk social engineering event led to over $100 million in damages and widespread disruption across hotels, casinos and their digital infrastructure. 

These breaches resulted from process failures, not individual human error.

What’s Going Wrong

Help desks are particularly vulnerable because they sit at the intersection of legacy infrastructure, human interaction and urgent access needs. Most still authenticate users with static credentials, such as birthdates, maiden names, employee IDs, and “memorable answers,” which stem from the password-centric era. These convenient methods, however, were never designed for resilience. Over time, they’ve become predictable, easily phished, or widely available through breached data and public sources. 

The problem isn’t just technical. It’s procedural and psychological. Help desks often prioritize speed and rely on scripted questions and assumed trust. Attackers exploit this by impersonating users and manipulating routine procedures. They don’t need to break in. They just need to sound legitimate. 

Such social engineering is effective because it thrives on human empathy, urgency and the comfort of familiar protocols. Without modern safeguards, such as adaptive authentication, help desks remain vulnerable to attacks. Relying on assumptions instead of real-time signals leaves a dangerous gap between convenience and security. 

The Attackers Playbook 

Attackers now use deepfake voice technology and generative AI to imitate employees, which makes outdated verification methods obsolete. They easily bypass human skepticism and technical safeguards with alarming accuracy. 

Threat actors infiltrate with ease by:

• Establishing credibility and trust using insider language.
• Manipulating caller IDs to appear legitimate.
• Exploiting weak verification protocols.
• Capitalizing on assumptions to gain access. 

Most attacks start with reconnaissance. Cybercriminals scrape LinkedIn profiles, company bios and breach data to build believable personas. By the time they call your help desk, they sound like legitimate employees. It’s all in the preparation.

That preparation pays off when the real manipulation begins. Social engineering succeeds because it persuades people, not systems. Attackers create a sense of urgency, impersonate authority and exploit empathy. These are intentional tactics that convince individuals to bypass security measures, leading to breaches that appear to be routine support calls. 

Outdated systems, not the teams themselves, are the real issue for help desk teams, who often work under pressure with limited tools and visibility.

The Cost of Getting It Wrong

When attackers bypass weak verification, the consequences extend far beyond just one compromised account. The ripple effect is substantial.

Credential misuse is fueling a surge of breaches across industries. A recent report found that in retail alone, 58% of organizations have suffered incidents tied to compromised credentials. The average cost per incident is $6.27 million. These costs include:

• Immediate expenses of investigation, containment and remediation
• Long-term repercussions, such as regulatory penalties and class-action lawsuits
• Loss of intellectual property
• Decline in consumer trust and retention

The last point is critical. The same research reports a staggering 81% of consumers say they would stop doing business with a company after a breach involving their personal data. 

These breaches highlight a business continuity issue masquerading as a security concern. Failed authentication erodes trust, which is challenging to rebuild.

Why Identity Verification is the Help Desk’s First Line of Defense

Help desks are a prime target for identity-based attacks; yet, many organizations still rely on authentication, rather than identity verification. Verification methods based on shared secrets, like password resets, knowledge-based questions, and SMS-based MFA, collapse under social engineering. Attackers already have the answers, often gleaned from personal information easily gathered from public sources, data breaches, or internal leaks. 

Furthermore, those static, secret-driven controls can’t assess real-time risk or prove that the requester is who they claim to be. Unfortunately, under pressure, support agents often default to lenient verification, which can open the door to unauthorized access. 

An identity verification-first approach flips the script. By issuing cryptographic credentials tied to trusted endpoints and optional biometric checks, every reset request carries instant, context-aware proof of identity with no shared secrets required. 

Elevating identity verification as a foundational control locks down help desk workflows, slashes fraudulent resets and secures critical transactions in real time. It’s not an add-on but rather a critical element in stopping identity-based threats. 

What CISOs Can Do Now: Turn the Help Desk into a Strategic Asset

CISOs need to rethink the help desk. It’s not just a soft spot or a support channel. It’s a strategic asset in their zero trust strategy. With the right changes, the help desk becomes a powerful layer of defense. 

• Adopting phishing-resistant authentication. Move beyond passwords and static credentials. Use FIDO2 security keys, biometric verification, and methods that can’t be easily spoofed or stolen.
• Require access from registered, trusted devices to ensure only legitimate users are supported. 
• Eliminate shared secrets. Stop relying on information that can be guessed, stolen or socially engineered. 
• Enable real-time identity checks. Provide help desk teams with tools to quickly and securely confirm users’ presence and intent.

These steps empower frontline teams with the tools and training they need to protect the organization confidently, without unnecessary friction.

Elevating Help Desks to Identity Guardians

Traditionally, help desks are reactive troubleshooters that focus on resolving technical issues rather than safeguarding identity. Forward-looking organizations break down silos between IT, identity and security. They align these functions into a unified access strategy where every support interaction strengthens assurance.

For example, if a user is locked out, the help desk can trigger a biometric challenge or device-based verification. The user verifies their identity in real-time. No guesswork. No assumptions. Just proof. These efforts thwart impostors and streamline access for legitimate users, while reducing frustration and downtime and strengthening security.

Modern identity assurance transforms help desk agents into defenders who proactively detect anomalies and suspicious behavior, stopping breaches before they occur. This is the essential evolution for today’s help desk.