Security News > 2021 > June > IT service desks lacking user verification policy, putting businesses at risk

IT service desks lacking user verification policy, putting businesses at risk
2021-06-07 03:30

48% of organizations don't have a user verification policy in place for incoming calls to IT service desks, according to Specops Software.

The survey found that 28% of the companies that actually do have a user verification policy in place are not satisfied with their current policy due to security and usability issues.

The National Institute of Standards and Technology recommends against using knowledge-based questions because of their lack of security.

Password resets at IT service desks are a serious vulnerability.

"Based on our recent findings, password resets at the service desk are a serious vulnerability for organizations of all sizes," said Marcus Kaber, CEO of Specops Software.

"In the absence of a self-service password reset solution, it is up to the service desk agent to verify that the caller is the legitimate owner of the account before issuing a new password. Unfortunately, without a secure verification policy in place, service desk agents can provide account access to unauthorized users without even knowing it - exposing businesses to an increase risk of costly cybersecurity breaches."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/2pI-DTHcs9c/