98% of cyber attacks involve some form of social engineering. And while it may be true that C-suite executives are a favored target of threat actors for obvious reasons, companies have often overlooked (and even neglected) an attack vector that poses just as much risk: the help desk.
In this article, we’ll outline why the help desk is a primary target for social engineering attacks, the real-world consequences of not mitigating this risk, and what you can do to support and protect your help desk employees.
Why Are Help Desk Employees an Attractive Target for Social Engineering Attacks?
IT staffers receive an average of 40 targeted phishing attacks a year. This is no coincidence: many IT roles, especially that of the help desk, possess many of the qualities threat actors look for when assessing their point of entry. Here’s why:
- Help desk employees are the primary touchpoint for a high volume of interactions. Whether it’s for other internal employees or an organization’s customer base, help desk employees deal with a lot of people in their day-to-day. This opens them up to all sorts of social engineering attempts masquerading as just another ticket to be resolved.
- Stress can lead to security vulnerabilities. It’s easy for help desk employees—especially on the customer-facing side—to get fatigued by all the requests they have to work through. If they let their guard down too much, a threat actor might slip through the cracks.
- Customer service is priority #1. Help desk employees are paid to deliver quality service to their customers, and many of their tickets are time sensitive. The pressure to keep the customer happy sometimes comes at the cost of inadequate security measures.
- They have extensive access to sensitive information. Many help desk employees have highly privileged access, yet they are often entry-level and not experts on cybersecurity. This combination presents an easier pathway to a successful breach for threat actors.
Help desk employees are both an organization’s most accessible endpoint and first line of defense. Still, they’re rarely given the amount of attention or training that this distinction deserves—and it can have massive consequences.
Recent Social Engineering Attacks Reveal What’s at Stake with Help Desk Security
How MFA Fatigue Opened the Door to a Fortune 500’s Internal Systems
In a recent breach of a Fortune 500 company, the alleged hacker claimed to have gained access by exploiting their multi-factor authentication (MFA) systems. An IT employee’s login credentials were compromised through a social engineering attempt that allegedly involved the spamming of push authentication requests to another employee for over an hour.
After the employee had received repeated push authentication requests, they were messaged over WhatsApp under the guise of the aforementioned IT employee. The employee finally approved the authentication request, giving the hacker access to several internal systems. This included the company’s privileged access management platform.
Once inside these systems, the hacker was able to gain even broader access to other internal systems and privileged information such as the company’s Slack channels and vulnerability reports. As the details of this case continue to unfold, it’s clear that protecting help desk employees should be a top priority for organizations, as they’re often the ones authenticating users requesting access to systems.
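As an added example (not part of the original article and not Elevate's code), the push-spam pattern described above can be caught in MFA logs by flagging a user who receives a burst of unapproved push requests and then approves one. The event fields, the 60-minute window and the threshold of five are assumptions, and the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, user, push result)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "alice", "timeout"),
    ("2024-01-10T09:05:00", "bob", "timeout"),
    ("2024-01-10T09:06:00", "bob", "approved"),    # ordinary retry, not a burst
    ("2024-01-10T09:08:00", "alice", "denied"),
    ("2024-01-10T09:15:00", "alice", "timeout"),
    ("2024-01-10T09:23:00", "alice", "timeout"),
    ("2024-01-10T09:30:00", "carol", "approved"),
    ("2024-01-10T09:31:00", "alice", "denied"),
    ("2024-01-10T09:44:00", "alice", "timeout"),
    ("2024-01-10T09:52:00", "alice", "approved"),  # approval after the burst
]

def detect_push_fatigue(events, window=timedelta(minutes=60), threshold=5):
    """Flag bursts of unapproved MFA pushes and approvals that follow them.

    Returns a list of (user, alert_type, timestamp) tuples. The window and
    threshold are illustrative assumptions; tune them to your own baseline.
    """
    recent = {}   # user -> timestamps of unapproved pushes still in the window
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        pending = recent.setdefault(user, deque())
        # Drop unapproved pushes that have aged out of the sliding window.
        while pending and ts - pending[0] > window:
            pending.popleft()
        if result in ("denied", "timeout"):
            pending.append(ts)
            if len(pending) == threshold:
                # Early warning: the user is being spammed right now.
                alerts.append((user, "push_burst", ts_raw))
        elif result == "approved":
            if len(pending) >= threshold:
                # High severity: the approval may be the attacker's login.
                alerts.append((user, "approved_after_burst", ts_raw))
            pending.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The `push_burst` alert gives responders a chance to contact the user before an approval happens, while `approved_after_burst` marks a session that should be reviewed or revoked.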
How a Single Phone Call Compromised MGM’s Customer Records
In September of 2023, MGM experienced considerable downtime and had the Social Security numbers of its customers compromised after falling victim to a simple-yet-savvy social engineering tactic: vishing.
Vishing is a portmanteau combining the terms “voice” and “phishing”. Like phishing, vishing uses impersonation to take advantage of someone’s trust and ultimately gain access to confidential information. The difference? Phishing typically involves fraudulent emails while vishing is done through the phone.
In MGM’s case, this is all it took to compromise their systems:
- The personal information of an employee (found on LinkedIn).
- A phone.
- A convincing acting job.
The threat actor successfully convinced a help desk employee to reset the password of another MGM employee—and it didn’t take any of the technical effort of the typical phishing attack. From there, the threat actor proceeded through MGM’s internal systems like any other employee.
So what can you do to prepare and support help desk employees if a phone call is all it takes to topple an organization’s defenses?
Safeguarding the Help Desk with Elevate Security
Our security platform was built on the understanding that just 8% of users cause 80% of security incidents. It’s a proactive solution that addresses security from the inside out to defend your organization from all angles—including your help desk.
Here are Elevate’s three tools to safeguard your help desk from social engineering:
Elevate Engage
Your help desk employees are busy. Pulling them out for training or flooding them with simulated phishing tests with no end goal is ineffective and a waste of time. But when they’re your first line of defense against threat actors who view them as the perfect attack vector, you need some way to improve their individual tendencies towards risk. This is where Elevate Engage comes in.
What makes Elevate Engage unique is that it allows you to coach employees at a 1:1 level over the course of time. Human risk scorecards give you deep insights into the actions of each employee, helping you get a sense of their individual security habits. From there, you can deploy the right-touch risk response at the right time—without wasting time on broad, ineffective training sessions. Whether it be a nudge on Slack that alerts an employee when they click on a phishing link or assigned training specifically tailored to that employee’s weaknesses, Elevate Engage gives you the tools to build a positive security culture.
Elevate Identity and Control
Help desk employees play a significant role in most authentication workflows. Sometimes they’re verifying the credentials of an internal employee. Sometimes they’re requesting access from the security team to reset a password. In either case, Elevate Identity and Elevate Control can help manage access to business-critical resources with hyper precision.
Equipped with the same individualized insights that make Elevate Engage an exceptionally personalized course corrector, the combination of Elevate Identity and Elevate Control allows you to automate several access decisions based on control factors such as threat signals (i.e. how prone a given individual is to risk). The flexibility of this automation is near endless. You can trigger enhanced MFA, access governance reviews, or even revoke access if a predefined set of rules is met.
With the ability to make informed access decisions and deploy them at scale, you can prevent most breaches from ever happening and stop them in their tracks when they do.
Final Thoughts
Help desk employees don’t have an easy job. While their role comes with immense security risk, it’s hardly ever their primary focus when they have so much on their plate. By supporting them with proactive, 1:1 risk mitigation tools, you can prevent social engineering attacks from escalating to catastrophic levels.
If you’re ready to eliminate guesswork and take the fate of your organization’s cybersecurity into your own hands, request a demo of Elevate. We’d love to show you how our platform can level up your security strategy.