It’s every customer and employee’s right to ask for and receive assistance from the IT help desk. The help desk team is obligated to, well, help. It is also their duty to maintain the secrecy and confidentiality of any and all privileged information. This means that in addition to providing technical support quickly and efficiently, IT help desk teams are also serving as the first line of defense against intruders. However, this responsibility is becoming more and more challenging as eye-opening discoveries about help desk security come to light.
Today’s world is inundated with cybercrime. Hackers and cybercriminals can access sensitive data and use it to get inside an organization. Frighteningly, the help desk has served as a back door to enterprise network resources through social engineering, which is described as the art of manipulating people, so they give up confidential information. Hackers are using social engineering techniques at an increasingly frequent rate to obtain credentials and unauthorized access to other confidential information, which they then use to gain entry to an organization’s sensitive data and internal workings.
Help Desks As The First Line of Defense Against Cyberattacks
Most organizations’ IT help desk serves as a clearinghouse of information about internal and external activities, as well as usage of technology. As such, it can be a logical first line of defense against hackers and other criminals. According to Roberto Casetta, writing for Infosecurity Magazine, “Any security team knows that the best defense is knowledge, and the biggest thing any business can do to mitigate risk is to know exactly what is inside their network in order to identify strange behaviors and meaningful trends. The service desk is probably better positioned than any IT team within the organization to lead this activity. For the simple reason that, when a user’s PC is running slowly or a business application is frequently crashing, their first call will likely be to IT support.”
Casetta makes the point that, in all likelihood, your IT help desk won’t be able to prevent cyberattacks from happening. But because it already has the ability to monitor and alert the organization, it can be vital. He advocates equipping the help desk team with automated patching, and application controls, as well as working closely with your company’s IT security department.
Today’s Help Desk Security Realities
Security threats come in all shapes, and sizes, and your IT help team obviously needs to focus on providing the best help desk support possible, while at the same time remaining vigilant. The bring-your-own-device (BYOD) movement, with its increase in mobile devices and wearable technology, adds a layer of complexity to something that is already challenging.
According to Gartner, mobile devices are increasingly becoming the first go-to device for communications and content consumption and it predicts that by 2018, more than 50% of users will go to a tablet or smartphone first for all online activities. And, as the Forsythe Focus reports, “The nature and types of cyber attacks are evolving rapidly, and mobile devices have become a critical part of enterprise cyber-security efforts with good reason. Analysts predict that by 2018, 25% of corporate data will completely bypass perimeter security and flow directly from mobile devices to the cloud.”
Consider these top eight IT help desk insights as a look into the reality of help desk vulnerability from three different 2016 cyber threat surveys:
- According to Exploits at the Endpoint: SANS 2016 Threat Landscape Survey, phishing, ransomware, and APT (advanced persistent threat) attacks are on the rise. In the first months of 2016, companies lost millions because of ransomware.
- Social engineering accounts for 38% of attacks bypassing company defenses (Results from SANS survey).
- Seventy-five percent of attacks start in email attachments, and 46% of attacks start in email web links (Results from SANS survey).
- The top challenges companies face in targeting threats include identifying sophisticated new attacks and lack of budgeting.
- IT professionals cite endpoint security software and improved patch management systems as some of the most important security-improving factors (SolarWinds survey).
- Cloud technology, mobile device usage, and shadow IT represent serious new vulnerabilities. SSL certificates and HTTP can play an integral role in help desk and cloud technology protections.
- Employees and devices account for high-risk endpoints. To successfully combat threats, IT departments should invest in data privacy as well as help desk/end point security and employee training (Dell survey).
- The threat landscape is constantly in flux. What works today might not work tomorrow, so recognizing the impact of the threat landscape can be key to minimizing risk.
When companies develop security strategies, help desk professionals are there, front and center. They serve on the front lines of cyber warfare, detecting threats and arming employees with the tools they need to stay safe.
Help desk professionals play a role in company-wide cyber security, but some of the most common help desk activities can increase the risk of an attack. Investigating threats, resetting passwords, troubleshooting applications, and working with mobile devices can all serve as a canvas for social engineering attacks such as phishing or ransomware.
Invest in integrated, automated help desk management and security tools to help protect against breaches. malware installations, and other threats—and to empower your IT help desk team to also serve as the organization’s first line of defense against cyberattacks.
SolarWinds Web Help Desk – Free Trial
Get help improving IT service management while strengthening your company’s security posture in the process. Download a free trial of the SolarWinds® Web Help Desk®.