Cloud organizations are now protected from service desk impersonation attacks with stronger authentication methods
Today, Specops Software, an Outpost24 company and leading provider of password and identity management solutions, has announced that its Specops Secure Service Desk for Cloud now supports native Entra ID, including on-premises and hybrid, enabling cloud-based organizations to verify the identity of callers to the service desk using stronger authentication methods that minimize the risk for user impersonation. Currently Microsoft does not offer built-in identity verification for users contacting the service desk. Specops Secure Service Desk solves this problem by verifying users when they contact the service desk, now including cloud-only environments.
"Cybercriminals have significantly stepped up their game in targeting service desks to gain access to corporate networks leading to loss of revenue and erosion of brand loyalty and reputation," said Omri Kletter, Chief Product Officer at Outpost24 "That's why it is more critical than ever that all organizations, whether cloud, hybrid, or on-prem-based, arm themselves with the most powerful tools to protect against these kinds of attacks."
In recent months, many high-profile organizations, including British retailer Marks and Spencers (M&S), have been targeted in sophisticated social engineering attacks that specifically target service desk agents. The "Scattered Spider" threat group, thought to be behind the attack on M&S, as well as the 2023 MGM Resorts hack, has repeatedly demonstrated that the service desk is a prime social engineering target that can cause a lot of disruption for organizations. The M&S attack, for example, is thought to have led to an estimated $402 million profit hit for the retailer, with some customer data stolen. As a result, the UK's National Cyber Security Centre has specifically urged organizations to review and harden their help-desk password reset workflows to stop similar manipulations before they can escalate into full-blown ransomware or extortion events, with other government cyber organizations globally likely to follow suit.
Verifying the identity of callers to the service desk is just as critical for cloud-only customers as it is for on-prem organizations. An organization's service desk agents need reliable tools to verify the ID of callers, for the following reasons:
- Remote and hybrid working drives increased call volumes: If users are still calling the service desk with problems, service desk agents are at risk of social engineering.
- Digital transformation adoption outpaces user training: Fighting against sophisticated and quickly evolving social engineering tactics is a complex task if service desk agents are not supported with the right tools.
- Service desks are an easier avenue of attack than passwords: Threat actors know it's easier to attack the service desk than crack strong passwords or bypass MFA this attack route won't disappear.
- Evolving tactics aided by artificial intelligence (AI): Deepfakes and social media reconnaissance can render traditional verification methods ineffective.
About Specops Secure Service Desk
Specops Secure Service Desk enables customers to increase their service desk security with stronger authentication methods that minimize the risk for user impersonation. Identity verification options range from mobile or email verification codes, to commercial authentication providers such as Duo Security, Okta, Symantec VIP, PingID and YubiKey. These authentication options are paired with technical enforcement of the ID verification, blocking agents from proceeding with the caller's request until authentication through the platform is completed. Secure Service Desk also integrates with a multitude of ID services and other service desk systems, such as ServiceNow and Jira.
Specops Secure Service Desk is available to Entra ID only organizations (or those planning to move there soon), as well as on-prem and hybrid organizations, today. For more information, visit: https://specopssoft.com/blog/secure-service-desk-for-cloud
About Specops Software:
Specops Software is a leading provider of identity management and authentication solutions. Its products help organisations enforce secure password policies, strengthen user verification, and defend against credential-based attacks.
Specops is part of Outpost24, which offers industry-leading Attack Surface Management solutions that help security teams stay ahead of emerging threats. Together, they support thousands of organizations worldwide in identifying, protecting, and monitoring digital risks.
Outpost24 was founded in 2001 and is headquartered in Sweden, with offices in the US, UK, France, Belgium, and Spain.
Learn more at specopssoft.com and outpost24.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250603679400/en/
Contacts:
Media Contact:
Tila Pacheco
Eskenzi PR
tila@eskenzipr.com