The recent MGM breach was made possible by a bad actor social engineering the help desk into providing them access. Does your organization take steps to authenticate callers to your help desk before the help desk performs any actions that may allow access (changing passwords, resetting/disabling/reconfiguring MFA etc.)  If yes, how have these methods worked out? Were they effective and did you get any pushback from users?

2.5k viewscircle icon3 Comments
Sort by:
IT Analyst2 years ago

Yes, Service Desk must call them back at their number listed in the company directory.  No user pushback.  

Chief Information Security Officer in Healthcare and Biotech2 years ago

Yes

Co-Founder in Services (non-Government)2 years ago

on a separate note, as an idea, have rules that will alert if people want to disable MFA. 

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

What are useful tools for penetration testers?

Burp suite26%

Web application scanners51%

Network vulnerability scanners65%

Exploiting tools (Metasploit)43%

Wireshark19%

SQLmap6%

View Results

What is your organization’s roadmap for persona-based / personalized IT?

Implemented or implementation in progress14%

Implement in the next 12 months57%

Implement in the next 3 years17%

Will not implement for now10%

Don't know1%

View Results

As a new-to-role CISO, I am wondering how do you make RACI look better than it looks `on-paper` in your company? What I am specifically looking for is, ways of fostering real collaboration and reaching to consensus between oldies and newcomers in their roles. Thanks in advance. Cemil Cetinbas

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented 

Read More Comments