by John Funk / March 13, 2024
The role of help desks continues to expand, and now that hackers see them as potential weak links, companies need to improve their cybersecurity capabilities.
Not long ago, a hacking group known as Scattered Spiders targeted a Las Vegas casino’s help desk to gain access to valuable and sensitive data, costing millions in financial losses and a sullied reputation.
That incident has become a wake-up call for enterprises that haven’t spent the time and energy training the front-line employees who work their help desk or transitioning away from potential human error to automation.
If there’s a silver lining to the fact that help desks are getting plucked like low-hanging fruit, it’s that industry leaders can quickly harden their cybersecurity posture.
It’s essential to remember that help desks run entirely by “real people” are a double-edged sword.
Clients, customers, and colleagues typically prefer speaking with someone who empathizes with their situation and possesses strong problem-solving skills.
On the other hand, studies indicate that over 95% of all security breaches can be traced back to that same real person making a mistake or being involved in an insider attack. Furthermore, an IBM study estimated it took organizations an average of 277 days to identify and contain a data breach.
The question is whether business decision makers want to continue taking a not-so-calculated risk.
Below are some common vulnerabilities that help desks present when not effectively equipped to identify, avoid, and assist in repelling threat actors.
Much of the problem with susceptible help desks stems from what some call “cyber fatigue.” Systemic apathy weighs on people tasked with proactively defending and repelling threats affecting too many organizations.
By onboarding a managed IT firm with a help desk and cybersecurity expertise, enterprises can reverse the seemingly downward spiral that could get them hacked. The time is now to strengthen help desks and insulate valuable and sensitive digital assets from prying eyes and thieves.
When smartly designed and implemented, a help desk can be vital and effective in an operation’s cybersecurity hygiene.
However, companies will need to get to a place where the help desk provides more than solutions to common technical problems, offers insight, or directs people to someone who can provide further assistance.
An IT cybersecurity help desk with enhanced protections in place can deliver the following benefits.
When the cybersecurity facet of a help desk has been fully realized, it can serve wide-reaching purposes. These diverse benefits far exceed the support of staff members and customers.
One of the areas where organizations often feel overburdened is regulatory compliance.
A secure and well-functioning IT help desk helps shield personal identity information such as employee Social Security numbers, tax records, bank accounts, and other sensitive information.
When working in conjunction with other cybersecurity pillars, a help desk allows companies to meet or exceed the high standards set by laws like the EU’s GDPR and HIPAA in the U.S. Safeguarding data, starting with the help desk, can change how operations address state, national, and international regulatory compliance.
Help desks provide an excellent transformational opportunity. Upgrading from a service-only element to an IT cybersecurity help desk changes the entire dynamic of data privacy and protection.
This evolution starts with instilling the knowledge and best practices necessary to change the current handling of requests and routine solutions into an impenetrable cybersecurity barrier.
Below are the essential shifts and best practices necessary to complete the process and maintain a robust cybersecurity-based help desk.
Companies continue to invest in cybersecurity awareness training to lower insurance costs and liability and protect critical data. This investment must also extend to help desk staff members if they are to become an outfit’s first line of defense.
In cases where companies outsource all or a portion of their help desk needs, enlisting a managed IT firm that offers cybersecurity help desk support is crucial.
Whether a human staff member or machine learning tool uncovers an anomaly, incident reporting, tracking, and real-time responses are vital. Falling into the average of 277 days to identify and purge a threat is entirely unacceptable.
A well-oiled help desk and trained staff members will likely identify and report potential threats long before hackers access valuable data. That’s why it’s mission-critical to establish a threat intelligence protocol.
A security information and event management (SIEM) system can be utilized to scrutinize user behaviors.
Cybersecurity experts can program automated tools to identify even minor changes to the way a legitimate employee's profile is typically used. In this fashion, a SIEM proves an invaluable threat-hunting asset.
Should a hacker seize control of someone’s network profile, the subtle differences effectively send up an intruder flare. Companies that adopt and use SIEMs proficiently through their help desks gain a competitive advantage over cyber attackers.
The nature of help desks is often to provide solutions 24 hours a day, 7 days a week. That positions them as natural gateways to integrate 24/7 cybersecurity monitoring, threat hunting, and responses.
Security alerts can be routed to help desk personnel — if and only if they have cybersecurity expertise — to minimize the time and energy spent chasing false positives. Changing the philosophy of a basic help desk into one that furthers the operation’s cybersecurity objectives hardens your attack surface.
Perhaps the key to a successful cybersecurity-based help desk is the training and expertise of the people making decisions. Ongoing awareness training reminds staff members to follow this simple rule: See something, say something.
What seems like a minor computer hiccup could very well be a telltale sign of an insider attack, malware propagation, or a digital intruder. With the right people overseeing your help desk, any employee can alert the team to investigate what could be a debilitating ransomware attack.
The 2023 hack of MGM Resorts International presents cybersecurity experts and other corporations with a teachable moment. The Las Vegas casino was stung by a loosely organized band of miscreants known as “Scattered Spiders.”
Identified as Gen Z hackers, the group went big game hunting, bringing the MGM Hotel and Casino to its knees.
What’s critical for this discussion is the fact these relatively inexperienced cybercriminals used the mistake of a help desk employee to insert ransomware into the casino’s network, forcing it to go analog for upwards of 10 days.
After days of using paper, pencils, and old-fashioned room entry keys, the operation assured guests normal operations had resumed. Then, the terrible news hit.
Although the hackers were eventually expelled, they made off with a veritable treasure trove of guests', employees', and contractors' personal identity information. Social Security numbers, credit cards, passports, and driver’s licenses had been exposed.
How they pulled off an attack on an organization that places an extremely high emphasis on physical and digital security demonstrates it could happen to any company with a weak help desk.
Scattered Spiders engaged in significant social engineering research. They apparently knew enough about at least one reasonably high-level person to convince the help desk worker they were that very individual.
This type of background research can typically be pulled from professional networking platforms such as LinkedIn and social media profiles such as Facebook, X, and Instagram, among others.
The help desk worker could have vetted the caller thoroughly, asking personal identity questions that should be on file. But the caller, employing what is known as a “vishing” phone call, was given a temporary username and password to log into the MGM network.
After a clever maneuver to flood the actual employee with phony confirmation requests until the staff member cried uncle and clicked “approve,” the online criminals ran roughshod over one of the world’s largest hospitality operations.
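The sequence described above (a help desk credential reset, a burst of rejected or ignored confirmation requests, then a single approval) can be flagged automatically. The following is an added example, not part of the original article; the event type names, thresholds, and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, user, event type).
# Event type names are assumptions; map them to your own IdP and ticketing fields.
SAMPLE_EVENTS = [
    ("2024-01-10T02:01:00", "asmith", "helpdesk_credential_reset"),
    ("2024-01-10T02:05:10", "asmith", "mfa_push_denied"),
    ("2024-01-10T02:05:40", "asmith", "mfa_push_timeout"),
    ("2024-01-10T02:06:05", "asmith", "mfa_push_denied"),
    ("2024-01-10T02:06:30", "asmith", "mfa_push_timeout"),
    ("2024-01-10T02:07:02", "asmith", "mfa_push_denied"),
    ("2024-01-10T02:07:45", "asmith", "mfa_push_approved"),
    ("2024-01-10T09:00:00", "bjones", "mfa_push_denied"),
    ("2024-01-10T09:00:30", "bjones", "mfa_push_approved"),
]

UNANSWERED = {"mfa_push_denied", "mfa_push_timeout"}

def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=10),
                        reset_lookback=timedelta(hours=24)):
    """Alert when a user approves a push right after a burst of denied or
    expired pushes. Severity is raised when the help desk reset that
    account's credentials shortly beforehand."""
    alerts = []
    recent_fail = {}   # user -> timestamps of denied/timed-out pushes
    last_reset = {}    # user -> time of the last help desk credential reset
    for ts, user, kind in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "helpdesk_credential_reset":
            last_reset[user] = t
        elif kind in UNANSWERED:
            recent_fail.setdefault(user, []).append(t)
        elif kind == "mfa_push_approved":
            burst = [f for f in recent_fail.get(user, []) if t - f <= window]
            if len(burst) >= threshold:
                reset = last_reset.get(user)
                after_reset = reset is not None and t - reset <= reset_lookback
                alerts.append({
                    "user": user,
                    "approved_at": ts,
                    "failed_pushes": len(burst),
                    "severity": "critical" if after_reset else "high",
                })
            recent_fail[user] = []   # an approval ends the current burst
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is most useful when it also suspends the newly approved session until someone reaches the employee through a separate, known-good channel.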
In hindsight, a better-prepared help desk could have denied the temporary access request and served as an emergency alert system. Had the staff member who fielded the vishing call recognized any telltale signs the request was not legitimate, that information could have been promptly sent to MGM’s cybersecurity team.
A subsequent investigation may have resulted in a digital security team embarking on a threat-hunting mission.
Even if they didn’t find evidence of an impending cyber attack, notifications would have been sent to all employees to report any suspicious emails, text messages, or calls. That’s precisely why evolving to a determined cybersecurity help desk is mission-critical in light of the efforts by Scattered Spiders and other criminal organizations.
In a fast-evolving technology landscape, there’s some debate about using or overusing automation in wide-reaching industries. Although an IT cybersecurity help desk enjoys the support of a specialized team with expertise in data protection, automation also plays a significant role.
Using AI and machine learning technologies adds to a proactive cybersecurity help desk.
An IT help desk empowered to conduct preemptive cybersecurity measures benefits from machines and humans coexisting in the following ways:
It’s vital for companies to keep in mind the need for cybersecurity doesn’t end when the 9-to-5 crew clocks out.
A hacker sitting in a café halfway around the world is inclined to target a vulnerable network while its leadership team is fast asleep. Rather than pay real-life employees to drink coffee and stand at a help desk post, automation maintains a watchful digital eye.
Integrating technologies to handle as-desired aspects of the help desk cybersecurity posture makes them cost-effective and scalable. Machine learning and AI alert systems do not take vacations, call out sick, or require matching funds to be placed in their 401(k). They simply carry out the tasks cybersecurity experts and management teams require.
When that cybercriminal attempts a forced digital entry during the dead of night, a real person receives an alert and takes action to expel the threat actor. Ideally, an intelligently designed IT cybersecurity help desk balances automated features with human decision making.
It’s abundantly clear the future of help desks will continue to bring humans and technology closer together to harden company defenses. AI and machine learning provide a unique opportunity to ferret out garden-variety hackers and advanced persistent threats the moment they log into a business network using a staff member’s credentials.
The same holds true of disgruntled employees or moles trying to steal industry secrets. Seemingly minor differences in user behavior trigger alerts that would otherwise go unnoticed until it's too late.
That’s why industry leaders are investing in 24/7 monitoring with help desk automation and third-party managed IT cybersecurity experts to protect their sensitive and valuable data.
As companies improve their help desks to combat cyber attacks, more will cure an inherent problem — not having a cybersecurity incident response plan. According to an S&P Global Corporate Sustainability Assessment, approximately 20% of companies do not have an incident response plan to deal with data breaches systematically.
Onboarding cybersecurity experts to drag IT help desks into the future doesn’t appear to be optional if industry leaders want to stay in business. For example, the fallout from the MGM hacks didn’t end with the casino and hotel organization suffering a short-term loss of control and $100 million.
After customers and industry partners learned their private information was stolen, multiple class action lawsuits were filed. The cybersecurity wing of the FBI investigated the organization and incident. Those are the types of dark clouds that persist and threaten a company’s reputation long after the dust settles.
The decision to upgrade an IT help desk to include proactive cybersecurity measures requires thoughtful consideration. Some companies only rely on their 9-to-5 help desks to field customer service calls and support office personnel during work hours.
As long as the people operating the help desk and the system being used do not have far-reaching network capabilities, placing it under the overall corporate cybersecurity umbrella may be viable. This would involve cybersecurity awareness training for help desk employees, enterprise-level firewalls, antivirus software, and other necessary protections.
But suppose your organization allows help desk employees to send and receive electronic messages from various sources, research and help resolve digital hiccups, or issue temporary usernames and passwords.
In that case, hackers will see it as low-hanging fruit ready for harvest.
It may be in your best interest to embrace the future and upgrade your current system to a cybersecurity help desk, especially with the help of a proven, reliable managed services provider that can identify, report, and help expel threats before you suffer financial losses, civil lawsuits, and a tarnished reputation.
Edited by Jigmee Bhutia
John Funk is a Creative Consultant at SevenAtoms. A lifelong writer and storyteller, he has a passion for tech and cybersecurity. When he’s not found enjoying craft beer or playing Dungeons & Dragons, John can be often found spending time with his cats.