Emergency "break-glass" accounts designed for disaster recovery often have monitoring intentionally disabled to ensure availability during crises. Attackers discover and use these accounts because the lack of alerts makes them invisible. Organizations are implementing temporary, audited break-glass procedures with automatic alerting after emergency windows expire.