Friday, December 22, 2023

Why The Help Desk Is The Next Big Cyber Target In 2024

 


I have been in the world of IT; I would say for probably over 20 years.  It’s only been in the last 10 or so that I have ben devoted exclusively to Cybersecurity.  I would say that one of the most thankless and most under appreciated jobs is that of the Help Desk. 

They are usually the front and last lines help for the end user.  Not only are these expected to be knowledgeable in what they do, but they are also expected to do deliver great customer service, under all conditions.

I know of people who have had this kind of role, and to be honest, it’s a burn out role.  Not only do you customers chew you out, but you are expected to be on top of everything, all the time.  Worst yet, there are even metrics and KPIs that you have to come through on.  One of them is how long you stay on the phone to resolve an issue.

Because of all of this, and under the enormous strain that the Help Desk people are under, they have now become a primary target for the Cyberattacker.  The threat variants can come in all various forms, but the most “popular” form seems to be that of Social Engineering. 

In this regard, many robocalls, phony calls, and even emails are being sent trying to impersonate real end users, in order to heist out as much confidential information as possible, namely the passwords and other sorts of credentials.

So what can a Help Desk Manager do to help protect their staff?  Here are some key tips:

1)     Make sure that you only resolve issues that are related to company issued devices.  If the end user cannot confirm the details of this, then the call should be terminated immediately.  Or, if it was determined later that it was a legitimate end user needing help, then other avenues should be offered for assistance to resolve the problem.

 

2)     Once a staff member receives a call, they should not only communicate and further verify the identity of the end user using only their company issued device. 

 

3)     To verify the actual identity of the end user who is calling I, you should always use some form MFA, as well as use a push notification mechanism.  So for example, when a Help Desk member is picking up a call, they should immediately send a push notification to the device of the end user.  In turn, they should read back that number.  If they don’t receive that notification, or refuse to cooperate, then this is a huge, red flag!!!

 

4)     Always ask the end user to verify the serial number of the device they are having issues with.  Of course, if they need help in doing this, you should help, but also be aware of any cues to indicate that it could be a fake call, if the end user is taking longer than usual to find it.

 

5)     If the issue in question involves the replacement of a wireless device, such as a smartphone, then you should have a policy in place that the device has to be physically returned to the company headquarters.  Only then can a new device.  Of course, if the end user is an employee, they will have to use their own personal device to conduct job tasks.  In this case, you will probably have to deploy some substandard security protocol, such as phone authentication.

 

6)     Now we come to the biggest issue of all:  Password Resets.  This is the nemesis of the Help Desk staff, and it gets even more complex now because of identity verification.  The answer to this is simple:  Simply institute the use of a Password Manager.  That way, not only long and complex passwords can be created, but the end user (or employee) can manage all that themselves, so that you can now focus on the more urgent requests.

 

7)     In a final effort, if MFA for some reason cannot be deployed, then another option would be to initiate a video conference call (such as Zoom or WebEx)  where the end user will have to physically show to you their government issued ID (such as a driver’s license, passport, etc.) and the device they are having issues with.

 

8)     If you use other authentication mechanisms such as tokens, or digital certificates, make sure that they only have a lifespan for just one use and destroy it.  That way, the risk of it being replicated is greatly mitigated.

 

My Thoughts On This:

The use of AI is only compounding this problem even more.  For example, Deepfakes can be used to create fake, live images of real people, it can even be used to create legitimate voices as well.  Because of this, if you make use of a Voice Recognition system, it could very well be circumvented in these cases. 

All you can do is enforce a strict policy where all of the Help Desk staff have to follow a set standard of authentication procedures, with no questions asked.

This will be especially important if you outsource your Help Desk functions to a third party.  More details about the threat of Deepfakes can be seen at this link:

https://www.npr.org/2023/03/23/1165146797/it-takes-a-few-dollars-and-8-minutes-to-create-a-deepfake-and-thats-only-the-sta

 

 

No comments:

Post a Comment

Why Students From K-12 Are So Vulnerable In Becoming A Cyber Victim

  Whenever we hear about a Cyberattack or a security breach, we often think that the entity involved is a Fortune 500 company, or even a hea...