In addition to the human component, lack of training, tools and technology also plays a key role in overall help desk security. More than 51% of respondents say they have a moderate approach to help desk security as part of their overall corporate security controls, but are not necessarily focusing on training or additional technologies for day-to-day activities. With most budgets determined by the number of users serviced, rather than cost per call or even cost of potential security breaches, establishing a return on investment (ROI) for new processes, additional training, and tools for daily support can be extremely difficult. Additional findings include:
- 44% of respondents ranked verification of call-in users a much greater threat than that for self-services users (11%).
- Only 10% of respondents ranked their security practices for the help desk as robust.
- Nearly 43% of respondents do not take the cost of a security incident into account when establishing their help desk budget; rather help desk budgets are determined by the number of users.
- Automation and self-service options for common user issues including password resets to help reduce errors and vulnerabilities that lead to successful breaches and data theft
- Robust and continuous training for help desk personnel to learn how to spot and react to potential social engineering attacks
- Advanced tools that leverage dynamic data sources and new authentication methods to more accurately identify users and their location