http://www.csoonline.com/article/736544/why-help-desk-employees-are-a-social-engineer-s-favorite-target
By Steve Ragan
Staff Writer
CSO
July 17, 2013

A new report from the SANS Institute and RSA on help desk security and
privacy finds help desk workers are the easiest victims for a determined
social engineering criminal. Due to metrics and basic job requirements,
end user and network support operations are still the top target when it
comes to breaching corporate security. The reason is that help desk
operators are being too helpful, which results in attackers gaining access
simply by asking.

If you work in an office or remotely from home, you're familiar with the
help desk. They're the team that resets passwords, issues email addresses,
and helps you fix your computer. Within IT, the help desk is the first
line of contact with the rest of the company, and they're tapped to deal
with all of the 'minor' problems that don't require contacting a network
engineer or administrator.

Help desk staff are judged, and their performance is measured, by a common
set of metrics. Typically, the metrics are based on time and volume,
followed by a third metric of quality that gauges how well they document
their day-to-day dealings with the company and all of their work. However,
because they are often judged on the number of requests they can correctly
solve in a day (volume) and how fast they can solve them (time), SANS says
this effectively sets up the human agent to be the weakest link in the
security of the help desk.

"Agents, especially those working Tier 1 support, are trained to be
friendly and get as many calls completed, resolved or transferred as
quickly as possible, according to the established KPIs. As a result, an
agent may ignore or work around compliance or quality requirements by
trying too hard to meet the goals for quantity and timeliness," the report
says.
[...]