The recent MGM breach was made possible by a bad actor social engineering the help desk into providing them access. Does your organization take steps to authenticate callers to your help desk before the help desk performs any actions that may allow access (changing passwords, resetting/disabling/reconfiguring MFA etc.)  If yes, how have these methods worked out? Were they effective and did you get any pushback from users?

2.5k viewscircle icon3 Comments
Sort by:
IT Analyst2 years ago

Yes, Service Desk must call them back at their number listed in the company directory.  No user pushback.  

Chief Information Security Officer in Healthcare and Biotech2 years ago

Yes

Co-Founder in Services (non-Government)2 years ago

on a separate note, as an idea, have rules that will alert if people want to disable MFA. 

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

We are in a world obsessed with the latest technologies, where it seems everything even working should be updated or upgraded to avoid the "imposed" in my opinion "digital obsolescence myth". How inclined are you towards innovation and change when the existing systems are certainly working effectively?

Very inclined: I believe in constantly pushing for innovation and improvement, even if the current systems are effective46%

Moderately inclined: I'm open to innovation and change, but only if it clearly enhances or adds value to the existing systems48%

Not inclined: If the current systems are working effectively, I prefer to maintain stability and avoid unnecessary changes5%

View Results

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

Distributors, if your supplier(s) offered a native app (installed through an application store like Google Play or Apple's App Store) would you use it?

Yes47%

Maybe48%

No3%

Uncertain2%

View Results