Cybersecurity: Keep an Eye on Your Help Desk

I think most companies realize the cyber threats posed by phishing attacks targeting senior executives, AI deepfakes, and remote IT workers, but I wonder how many have focused on the vulnerabilities created by their own IT “help desks”?  This excerpt from a recent Debevoise blog says that companies should be alert to the security risks posed by their help desks and offers some suggestions on how to mitigate those risks:

Threat actors are targeting internal and external helpdesks (among other managed service providers) as a primary access vector, by socially engineering helpdesk staff into changing account passwords and resetting multi-factor authentication (“MFA”) tokens and devices outside of procedures.

Mitigation Steps to Consider:

A. Review helpdesk protocols for password/MFA reset procedures to ensure they are robust and account for the threat of audio-visual deepfakes. Additionally, consider handling requests from VIP users (e.g., senior executives, management, super users, and those with administrative privileges) internally.

B. Work with your helpdesk to ensure staff are trained and consistently follow protocols. This includes developing a “challenge culture” where helpdesk staff are encouraged to be polite yet skeptical of callers and require them to authenticate identity before assisting, irrespective of rank or circumstances.  Ensure that helpdesk operations are not judged solely on metrics such as speed and lack of complaints, but also on enforcing security.