    Anatomy of a reset: why the helpdesk is now the breach

    Promoted | Senior executives agreed at a recent Specops roundtable: helpdesks have become a primary attack surface.
    By Solid8 Technologies, 21 May 2026

    Specops Software and TechCentral brought a room of senior executives together at the Park Hyatt Johannesburg on Thursday, 7 May, to dissect the password reset call. The verdict was uncomfortable: in many South African organisations, the helpdesk is no longer support. It is the most exploited gateway to identity and access.

    The consensus for years has been that the cybersecurity battle is won and lost at the perimeter: at firewalls, endpoints, identity platforms and the slick zero-trust architectures that boardrooms now fund without flinching.

    And yet, look at where the attackers are walking in.

    They are walking in through the service desk. A phone call, a friendly voice, a few well-rehearsed personal details and a password gets reset. The breach is not technical. It is human, procedural and quietly devastating.

    That was the uncomfortable thesis at “Anatomy of a Reset”, a senior-led discussion hosted by Specops Software and TechCentral at the Park Hyatt Johannesburg on Thursday, 7 May, where executives gathered to interrogate a blind spot that most organisations would rather not look at.

    The roundtable was structured around four uncomfortable questions: what lives beyond the dashboard, what an attack looks like in flight, what identity integrity really means at the reset layer and who in the organisation is accountable when the helpdesk becomes the entry point.

    Not even close

    The room was unanimous on one point: helpdesks are now a primary attack surface, and traditional identity verification (the security questions, the “mother’s maiden name”, the employee number read back over a line) is no longer fit for purpose. It is not even close.

    Standard policies, several participants said, are creating a false sense of security. Strong on paper. Hollow at the point of attack. Attackers know it, and they are applying pressure through social engineering and rushed verification to bypass even the strongest credentials.

    Now consider what happens beyond the dashboard.

    Most CISOs review their security posture through a controlled view: identity platform metrics, MFA coverage, endpoint health, incident response SLAs. The dashboards look reassuring. But the password reset call, the moment a human voice asks another human voice to override a control, does not show up cleanly in any of them. It is the gap between the policy layer and the operational layer.

    That gap is where the attack lives.

    The anatomy of a modern reset attack is almost embarrassingly simple. LinkedIn for the org chart. A breach data dump for personal detail. A voice-cloning tool trained on a 20-second clip. A friendly call to a service-desk agent already under ticket pressure. The credentials change hands in three minutes. The lateral movement starts before the agent has logged the next ticket.

    Then there is the visibility problem. Several participants said the helpdesk is rarely on the executive radar in the way that ransomware, cloud security or compliance are. It sits in operations, not in the board pack. It is treated as a cost centre, not a control point.

    The accountability question kept resurfacing. When the breach happens through a password reset, who owns it? The CISO whose policy was strong? The IT manager whose helpdesk handled the call? The service desk agent who did what their script told them to do? In most organisations, the lines are not drawn, and that is exactly why the gap persists.

    This matters because the helpdesk is exactly where attackers are choosing to engage. According to multiple industry reports, a significant proportion of high-profile breaches over the past 18 months (globally and in South Africa) have involved helpdesk compromise as the first move. Not malware. Not zero-days. A phone call.

    The problem is not that organisations lack security tooling. The problem is that the tooling stops at the technical edge of the network and does not extend into the human edge, where service-desk agents are still being asked to make trust decisions in seconds, often without the right verification stack behind them.

    None of this is to say South African organisations are negligent. Many are deeply invested in cybersecurity and run mature programmes. “Anatomy of a Reset” was not an indictment; it was a recalibration. The point was that the threat model has shifted faster than helpdesk operations have, and the gap has become commercially material.

    But look at the fundamentals.

    A modern attacker does not need to defeat your firewall. They need to defeat your service-desk script. The cost of that defeat is full credential access, lateral movement and a ransomware note by Friday.

    The room’s closing position was direct. Securing the service desk is no longer a technical housekeeping issue. It is a strategic priority. It requires three things: stronger verification protocols at the password reset layer, greater executive awareness so this risk lives in the board pack rather than buried in a service ticket, and a structural shift towards integrating security into service delivery rather than bolting it on afterwards.

    In other words, the helpdesk is no longer a back office. It is the front door.

    Whether South African organisations move on that recognition in the next 12 months, or wait for the breach that forces the conversation, will be one of the more instructive cybersecurity stories of the year ahead.

    • This promoted content was paid for by the party concerned