Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity breach costs and help desk hijacks: what should teams do?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Identity breaches surged to 69% of organisations in the last three years, while 45% said identity-related breach costs exceeded the typical breach cost and 24% crossed $10M, according to RSA's 2026 RSA ID IQ Report. The data shows identity governance is now a board-level resilience problem, not just an IAM operations issue.

NHIMG editorial — based on content published by RSA Security: Brazil Leads the World in Global Identity Security Survey, RSA ID IQ Report Unveils Top Identity Threats

By the numbers:

Questions worth separating out

Q: How should security teams reduce help desk hijack risk in identity programmes?

A: Treat the service desk as part of the identity boundary.

Q: Why do identity-related breaches become so expensive so quickly?

A: Identity compromise often gives attackers legitimate access rather than a narrow technical foothold.

Q: What do organisations get wrong about passwordless authentication?

A: They often treat passwordless as a finished control instead of a redesign of the full assurance chain.

Practitioner guidance

  • Harden help desk recovery flows Require stronger identity proofing, dual approval for sensitive resets, and step-up verification before any factor re-enrolment or credential recovery is completed.
  • Classify support overrides as privileged actions Log, review, and recertify all account recovery and factor-reset activities as privileged workflows, with named approvers and tamper-evident records.
  • Measure identity blast radius Map which SaaS, cloud, email, and admin systems become reachable after one account is taken over, then use that map to prioritise privilege reduction.

What's in the full analysis

RSA Security's full report covers the operational detail this post intentionally leaves for the source:

  • Full survey methodology behind the 2,100-plus respondent sample and regional breakdowns.
  • Brazil-specific findings on passwordless adoption and how they compare with global trends.
  • The report's detailed breakdown of help desk bypass concerns and the supporting survey percentages.
  • Context on how respondents view AI's role in cybersecurity versus cybercrime.

👉 Read RSA Security's 2026 ID IQ Report on identity breach trends and help desk risk →

Identity breach costs and help desk hijacks: what should teams do?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity assurance now fails in the support channel as often as it fails at the login screen: The survey's help desk findings show that identity governance cannot stop at authentication policy. If support staff can override proofing, factor reset, or recovery logic without hardened checks, the organisation has created a second identity authority outside formal IAM controls. Practitioners should treat the service desk as part of the identity control plane, not a back-office exception.

A few things that frame the scale:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: How should teams govern identity support workflows after a major breach trend?

A: Govern support workflows like privileged access. Separate approval from execution, audit every reset and override, and test whether attackers can use help desk processes to change identity state. If they can, the identity programme still has a hidden escalation path that bypasses normal controls.

👉 Read our full editorial: Identity breaches and help desk hijacks are escalating globally



   
ReplyQuote
Share: