Supporting Users While Safeguarding Against Social Engineering
By Eric Egolf, CEO
Cyberattacks have evolved in many ways, and one concern clearly on the rise is social engineering aimed at support teams. The MGM hacks made headlines recently for exactly this: a straightforward call to the help desk resulted in a major security breach. It was a wake-up call for the IT industry at large.
In that case, a hacker manipulated the help desk into changing a user’s phone number. The attacker then had control over not only the user’s credentials but also the power to approve MFA requests, granting them access to the company’s systems. This unfortunate event underscored the urgent need to verify users’ identities before implementing security and access-related changes.
Focusing on User Authentication Solutions
IT providers and support teams are increasingly focused on the importance of verifying user identities before making critical security changes. Think password changes, MFA settings, or access permissions. The goal is to ensure that these requests are coming from legitimate sources within the organization.
CIO Solutions has utilized various techniques, like passphrases, for high-compliance businesses. While effective, these methods aren’t suitable for widespread use due to their potential clunkiness and incompatibility with our “First Call Resolution” support approach.
So, what are the more effective strategies to bridge this security gap?
- User MFA Verification: Registering cell phones for currently approved users and requesting MFA during support interactions.
When users contact support for significant security-related changes (such as password modifications, security access grants, or MFA number updates), the support agent would send an MFA verification code to that user’s registered number. The user would then need to confirm their identity by sharing the code with the support agent before the change could be made.
- Designated Approval Contacts: Establishing pre-designated company contacts to serve as Security Approvers.
In situations where registering all users’ cell phone numbers isn’t possible, businesses would designate Security Approvers beforehand. When employees contact support for security-related changes, the support team would contact the pre-designated Security Approver for verification and approval, adding an extra layer of validation.
These methods are some examples of how the issue may be addressed, and they are continually evolving. The goal is simple: ensure every security-impacting change is authorized as legitimate. Note: Regular support requests wouldn’t require this verification, only security-impacting ones.
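As an added illustration (not CIO Solutions' own tooling), the following Python sketch models the gate described above: routine tickets pass through untouched, while a security-impacting change issues a short-lived, single-use code to the user's registered number, or to the designated Security Approver when the user has no registered phone, and the agent confirms the code the caller reads back. The directory entries and the delivery function are constructed placeholders.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Only these ticket types trigger out-of-band verification (per the note above).
SECURITY_IMPACTING = {"password_reset", "mfa_number_update", "access_grant"}
CODE_TTL_SECONDS = 300   # code expires five minutes after issue (assumed policy)
MAX_ATTEMPTS = 3         # stop guessing after three read-backs (assumed policy)

# Constructed sample directory, not real data: a registered phone per user,
# or a designated Security Approver for users without one.
DIRECTORY = {
    "alice": {"phone": "+15550100", "approver": None},
    "bob":   {"phone": None,        "approver": "carol"},
    "carol": {"phone": "+15550102", "approver": None},
}

@dataclass
class Challenge:
    verifier: str        # who must read the code back: the user or their approver
    code: str
    expires_at: float
    attempts: int = 0
    used: bool = False

def deliver_code(phone, code):
    # Placeholder for the SMS/push step; a real help desk would call its MFA provider.
    print(f"[constructed] code sent to {phone}")

def start_verification(user, change_type, now=None):
    """Return None for routine tickets; otherwise issue a code out of band."""
    if change_type not in SECURITY_IMPACTING:
        return None
    now = time.time() if now is None else now
    record = DIRECTORY[user]
    verifier = user if record["phone"] else record["approver"]
    if verifier is None or not DIRECTORY[verifier]["phone"]:
        raise PermissionError("no registered phone and no reachable approver")
    code = f"{secrets.randbelow(10**6):06d}"
    deliver_code(DIRECTORY[verifier]["phone"], code)
    return Challenge(verifier, code, now + CODE_TTL_SECONDS)

def confirm(challenge, spoken_code, now=None):
    """Agent enters the code the caller read back; expiring, attempt-limited, single use."""
    now = time.time() if now is None else now
    if challenge.used or now > challenge.expires_at or challenge.attempts >= MAX_ATTEMPTS:
        return False
    challenge.attempts += 1
    if hmac.compare_digest(challenge.code, spoken_code):
        challenge.used = True
        return True
    return False
```

The change itself should be applied only when `confirm` returns True, and the outcome (who verified, which ticket, when) logged so that approver-path changes can be audited later.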
But here’s the thing—these methods require a team effort between your company and your IT team. Keeping databases updated with accurate employee information and increasing communication between your company and your IT provider is crucial.
At CIO Solutions, we are actively evaluating and implementing the best solutions to strengthen security without disrupting the support experience; we understand the importance of both.
As business leaders, we need to acknowledge the value of these security measures, as well as the risk of not implementing them. Together, by remaining proactive and collaborative, we can continue to strengthen our defenses and stay ahead of evolving cyber threats.
Not a client yet, but wondering how to improve your IT experience? Let’s talk!