BEDFORD, Mass., July 17, 2013 /PRNewswire/ --
- RSA released the findings of a SANS Institute research survey on help desk security and privacy.
- Respondents included more than 900 IT professionals worldwide from a variety of industries including government, finance, education, healthcare, IT and telecommunications.
- 69% of respondents cite social engineering as the biggest threat to help desk security, while nearly 27% of those surveyed report having weak help desk security policies.
- 43% of respondents do not take the cost of a security incident into account when establishing their help desk budget; rather, help desk budgets are determined by the number of users.
RSA, The Security Division of EMC (NYSE: EMC), today announced the findings of a new report by the SANS Institute spotlighting the threats and privacy issues facing help desks today. Surveying more than 900 IT professionals worldwide, the SANS 2013 Help Desk Security and Privacy Survey identifies the most common help desk vulnerabilities and offers guidance designed to help organizations address these critical issues. The survey results cover organizations' help desk processes, procedures and personnel behaviors that have potential implications for enterprise security.

Help desks are most commonly asked to assist users with common IT problems, including password resets and application and connectivity issues. Often the performance of help desk employees is measured by how quickly they can serve callers and resolve the issue. Unfortunately, in many cases security does not play a major role in the process, and as a result help desks have become an unintended entry point for hackers and malicious insiders attempting to gain access to sensitive enterprise resources.

Most respondents (69%) identify social engineering as their biggest threat to help desk security. Yet a majority of organizations still use basic personal information, including name/location and employee ID number, to verify the identities of callers into the help desk -- information that can be easily sourced by an imposter. Furthermore, many help desk employees will bypass security controls in an effort to be more helpful to the caller.