Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity breaches and help desk risk: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: 69% of global organisations experienced an identity-related breach in the last three years, while 65% are seriously concerned about service desk bypass attacks and 90% report challenges moving toward passwordless authentication, according to RSA Security’s 2026 ID IQ Report. The data shows identity programmes are still failing at the points where trust, recovery, and human workflow intersect.

NHIMG editorial — based on content published by RSA Security: UK reports worse data breaches and greater concern for IT help desk risk in the 2026 RSA ID IQ Report

By the numbers:

Questions worth separating out

Q: What breaks when service desk recovery is treated as routine support?

A: The recovery path becomes a privileged entry point for attackers who can impersonate legitimate users or manipulate support staff.

Q: Why do passwordless programmes still leave organisations exposed?

A: Passwordless reduces password dependence, but it does not remove recovery, enrolment, fallback, or exception handling.

Q: How can security teams tell whether help desk controls are actually working?

A: Look for verification quality, escalation rates, recovery approval consistency, and the number of resets that rely on manual overrides.

Practitioner guidance

  • Reclassify help desk recovery as privileged access Map password reset, MFA reset, and account recovery workflows into the privileged access model and apply stronger approval, verification, and audit requirements to each step.
  • Test support workflows with adversarial scenarios Run social engineering exercises against service desk staff, including impersonation and recovery abuse, to identify where process speed overrides identity assurance.
  • Measure fallback-path risk during passwordless rollout Track how often users depend on password-based exceptions, recovery codes, or manual overrides so the programme reflects real exposure rather than adoption claims.

What's in the full analysis

RSA Security's full report covers the operational detail this post intentionally leaves for the source:

  • Survey methodology and respondent breakdown across more than 2,100 IAM and security professionals.
  • UK versus global comparison tables showing where British organisations diverge on identity breach harm and passwordless progress.
  • The report’s broader findings on AI adoption attitudes and how organisations are planning to use AI in the security stack.
  • Infographic material that expands the topline numbers into a board-friendly format.

👉 Read RSA Security’s 2026 ID IQ report on identity breaches and help desk risk →

Identity breaches and help desk risk: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity recovery is now part of the control plane. The report shows that attackers do not need to defeat authentication if they can persuade the organisation to restore access for them. That shifts the problem from login security to recovery governance, where help desks, reset flows, and exception handling become privileged trust points. Practitioners should treat identity recovery as a high-risk access path, not an administrative afterthought.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when identity-related breaches start in support workflows?

A: Accountability sits with both identity governance and service operations because recovery channels are part of the identity control surface. Frameworks such as NIST CSF and Zero Trust expect access decisions to be governed, logged, and reviewable, which includes the support processes that recreate access.

👉 Read our full editorial: Identity breaches and help desk risk are outpacing IAM controls



   
ReplyQuote
Share: