The recent MGM breach was made possible by a bad actor social engineering the help desk into providing them access. Does your organization take steps to authenticate callers to your help desk before the help desk performs any actions that may allow access (changing passwords, resetting/disabling/reconfiguring MFA, etc.)? If yes, how have these methods worked out? Were they effective and did you get any pushback from users?

IT Analyst, 2 years ago

Yes, Service Desk must call them back at their number listed in the company directory. No user pushback.

Chief Information Security Officer in Healthcare and Biotech, 2 years ago

Yes

Co-Founder in Services (non-Government), 2 years ago

On a separate note, as an idea, have rules that will alert if people want to disable MFA.
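
Added example, not part of the thread: a Python sketch of the alert rule suggested in the last comment, combined with the callback check described in the first. The event schema, action names, account names and the 30-minute window are assumptions made for illustration, and the log lines are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed audit events in a hypothetical schema (not any vendor's log format).
SAMPLE_EVENTS = """\
{"ts":"2024-01-15T09:00:00","actor":"helpdesk.a","action":"callback_verified","target":"jdoe"}
{"ts":"2024-01-15T09:05:00","actor":"helpdesk.a","action":"mfa_reset","target":"jdoe"}
{"ts":"2024-01-15T10:10:00","actor":"helpdesk.b","action":"mfa_disable","target":"admin.k"}
{"ts":"2024-01-15T11:00:00","actor":"helpdesk.a","action":"callback_verified","target":"msmith"}
{"ts":"2024-01-15T12:30:00","actor":"helpdesk.a","action":"password_reset","target":"msmith"}
{"ts":"2024-01-15T13:00:00","actor":"helpdesk.b","action":"callback_verified","target":"rlee"}
{"ts":"2024-01-15T13:05:00","actor":"helpdesk.b","action":"mfa_disable","target":"rlee"}
"""

# Help desk actions that can hand over access to an account.
SENSITIVE = {"password_reset", "mfa_reset", "mfa_reconfigure", "mfa_disable"}
CALLBACK_WINDOW = timedelta(minutes=30)  # assumed policy value


def find_alerts(lines, window=CALLBACK_WINDOW):
    """Return (ts, target, action, reason) for each event that needs review."""
    events = sorted((json.loads(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    last_callback = {}  # target account -> time of most recent verified callback
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "callback_verified":
            last_callback[ev["target"]] = ts
            continue
        if ev["action"] not in SENSITIVE:
            continue
        verified_at = last_callback.get(ev["target"])
        verified = verified_at is not None and ts - verified_at <= window
        if not verified:
            # Sensitive change with no callback on record, or a stale one.
            alerts.append((ev["ts"], ev["target"], ev["action"], "no_recent_callback"))
        elif ev["action"] == "mfa_disable":
            # Disabling MFA is always surfaced, even after a verified callback.
            alerts.append((ev["ts"], ev["target"], ev["action"], "mfa_disable_review"))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS.splitlines()):
        print(alert)
```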
