Service desks are popular vectors for social engineering attacks because controls are weak and operational pressure on staff is high — a combination that demands training, process improvements, and technical controls.
Google provides sign-in services with auth_time and amr metadata to verify login freshness and authentication methods for implementing risk-based access control.
Missing technical security measures such as multi-factor authentication pose significant security risks and data breaches when executives deliberately block them for control purposes.