Stop social engineering at the IT help desk

Sponsored Post Ransomware can hit any organization at any time, and hackers are proving adept at social engineering techniques to gain access to sensitive data in any way they can.

A case in point can be seen in the attack on MGM Resorts International recently, which proved to be a very expensive incident for the company. Reports suggest the attack will cause an estimated US$100m hit to its revenue after the hotel and gambling firm was forced to shut down its IT systems to contain the damage after customer contact information, gender, date of birth, social security, passport and driver’s license numbers were stolen.

But rather than attacking the IT systems itself, the hackers used social engineering tactics to persuade an employee to reveal sensitive user credentials over the telephone. These were then used to circumnavigate MGM’s cyber security defences and log in as an administrator before escalating the access privileges and letting loose the ransomware.

Nor was the incident the only example of hackers impersonating legitimate users when talking to the IT helpdesk. The same thing reputedly happened to a UK-based energy firm which fell victim via an AI voice impersonation of the parent company’s chief executive, and games company EA Electronic Arts which was tricked into granting an attacker access to the company’s internal network.

So how can any organization be sure that the person who is making a request for access to company systems, data and applications is actually who they say they are? Especially when pretty much anybody can so easily harvest the information they need to help them conduct a convincing impersonation from the masses of data freely available on social media?

Specops reckons it has the answer in the form of its Secure Service Desk, which uses dynamic multi factor authentication – something you know, something you have, something you are (biometrics) – to reduce the risk of hackers successfully using social engineering to fool staff on the help desk. The solution offers various identity verification options, including mobile or email codes, and integration with commercial Identity Access Management (IAM) tools like Duo Security, Okta and PingID.

You can learn more about how Secure Service Desk authenticates and securely verifies the identity of callers to IT helpdesks and request a free trial or demo of the software here.

Sponsored by Specops.

READ MORE HERE