Help Desks Under Siege: Bolstering Cyber Defenses

By Robert Hughes, Chief Information Security Officer, RSA Security

We’ve all heard the stories. In 2023, Caesars Entertainment shelled out a whopping $15 million in damages due to a cyber breach, and MGM Resorts International took a $100 million hit from a ransomware attack. In each case, the breach was caused at least in part by an often-overlooked threat vector: the company’s own IT help desk.

Threat actors aren’t giving up on this tactic, either. Earlier this year the American Health Association and the U.S. Department of Health and Human Services issued separate warnings that cybercriminals were targeting healthcare help desks.

Why Help Desks?

Ransomware attacks have become as common as morning coffee. Without strong security safeguards in place, organizations can unwittingly roll out the red carpet for cybercriminals via their IT service desks, giving hackers VIP access to company resources and compromising overall security. The IBM Security Cost of a Data Breach Report 2023 found that the average financial impact of these ransomware attacks now exceeds $5 million, and the threat is only growing.

Help desks are an attractive target for cybercriminals for a number of reasons, the biggest being the level of access IT workers have to an organization’s most sensitive data and functions. Help desks have the power to take high-risk actions such as resetting passwords, removing MFA for a locked-out user, creating new user accounts, and assigning or revoking privileges. If a savvy attacker is able to trick the help desk into doing any or all of these things, they can potentially gain unfettered access to systems and the ability to carry out all sorts of malicious activities, whether that be installing malware or ransomware, exfiltrating sensitive data, or simply establishing a backdoor for later use.

Strengthening Help Desk Security

With the threat of help desk abuse on the rise, organizations must take steps to harden their help desks against potential attacks. One of the best ways to achieve this is to adopt a Zero Trust mindset.

It’s essential for every organization to question how much access its help desk has in its environment. In keeping with Zero Trust philosophy, help desks should only have access to the functions they need to do their jobs, and only when they need them. Giving broad administrative access to all help desk personnel is a non-starter, and one of the surest ways to open your organization to an attack via this vector. Security teams should regularly review the privileges and entitlements of help desk employees to make sure nobody has more access than their role requires.

Furthermore, help desk employees need to hear from leaders and security teams that they need to follow established processes, require documentation, and verify users—especially for exceptional requests—to maintain a secure practice. Knowing leadership has the help desk’s back and that there are no exceptions even for VIPs calling in with an “urgent” request is key.

Identity Verification and MFA 

Once the proper understanding and processes have been put in place for the structure of your help desk and the people staffing it, organizations should next look at security solutions that can further bolster their help desk’s security posture. Authenticating user identities at each step of a help desk engagement is critical, and while voice and visual identification can be effective, they are not always an option. To address this, organizations should take a defense-in-depth approach to securing their help desks.

Combining multi-factor authentication (MFA) with other out-of-band contact methods is an effective way to stop a cybercriminal in their tracks. Those methods include manager approval via a ticket system, calling the manager manually, or holding a conference call with the service desk employee, the user making the request, and a relevant manager or team member.
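One way to turn that combination into a check the ticketing workflow enforces before a high-risk action runs is sketched below. This is an added example, not RSA's or the author's code; the action and channel labels, the `Request` fields, and the rule that MFA removal needs two independent out-of-band channels (because a locked-out user cannot complete MFA) are assumptions of the example.

```python
from dataclasses import dataclass, field

# Labels are assumptions; the actions and channels are the ones the article names.
HIGH_RISK = {"password_reset", "mfa_removal", "account_creation", "privilege_change"}
OOB_CHANNELS = {"ticket_approval", "manager_callback", "conference_call"}

@dataclass
class Request:
    action: str
    user: str                  # account the action targets
    agent: str                 # help desk employee handling the request
    mfa_verified: bool = False
    approvals: list = field(default_factory=list)  # (channel, approver) pairs
    vip: bool = False          # recorded for audit, never relaxes a check

def evaluate(req, managers):
    """Return (allowed, reasons); managers maps user -> set of valid approvers."""
    if req.action not in HIGH_RISK:
        return True, []
    # Nobody approves their own request, and the agent is not a second factor.
    approvers = managers.get(req.user, set()) - {req.user, req.agent}
    channels = {ch for ch, who in req.approvals
                if ch in OOB_CHANNELS and who in approvers}
    reasons = []
    if req.action == "mfa_removal":
        needed = 2   # assumption: user cannot pass MFA, so two channels instead
    else:
        needed = 1
        if not req.mfa_verified:
            reasons.append("mfa_not_verified")
    if len(channels) < needed:
        reasons.append(f"need_{needed}_out_of_band_approvals_have_{len(channels)}")
    return not reasons, reasons

# Constructed sample data, not taken from any real incident.
MANAGERS = {"alice": {"mgr_dana"}, "bob": {"bob", "mgr_eve"}}
SAMPLES = [
    Request("password_reset", "alice", "agent1", True, [("ticket_approval", "mgr_dana")]),
    Request("password_reset", "bob", "agent1", False, [], vip=True),
    Request("mfa_removal", "alice", "agent2", False, [("manager_callback", "mgr_dana")]),
    Request("privilege_change", "bob", "agent2", True, [("ticket_approval", "bob")]),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.action, r.user, evaluate(r, MANAGERS))
```

The returned reasons are meant to be written to the ticket, so a denied "urgent" request leaves an audit trail showing which verification step was missing.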

The Help Desk Needs Help

With the prevalence of costly ransomware attacks, data breaches, and more, establishing a strong security posture across your organization’s entire threat surface has become a financially material concern.

The surge in cyberattacks targeting service desks is a stark reminder of the importance of robust security measures. By implementing strong MFA, verifying identities, and cultivating a culture of security, we can mitigate risks and safeguard our resources against cybercriminals.

Don’t let your help desk harm your organization. Fortify your defenses against this emerging tactic to stay safe from cybercriminals looking to weaponize your help desk.
