IT service desks: The security blind spot that may put your business at risk

The article warns that outsourced IT helpdesks are an expanding security blind spot: attackers use vishing, SIM‑swap, social engineering and synthetic voices to convince staff to reset credentials or disable MFA, enabling lateral movement and major breaches (citing LAPSUS$, Scattered Spider, MGM, Clorox). It recommends layered defenses—strong caller authentication, least privilege, separation of duties, comprehensive logging and monitoring, continuous agent training, technical controls for spoofing/deepfakes, and MDR services—to reduce supply‑chain/service‑provider risk.