PHILADELPHIA, PA — 48% of organizations don’t have a user verification policy in place for incoming calls to IT service desks, according to Specops Software, the leading provider of password management and authentication solutions. The information was uncovered as part of Specops Software’s survey of more than 200 IT leaders from the private and public sectors in North America and Europe.
In addition, the survey found that 28% of the companies that actually do have a user verification policy in place are not satisfied with their current policy due to security and usability issues. For example, the majority of these companies rely on knowledge-based questions using static Active Directory information, such as an employee ID, a manager’s name, or even HR-based information like the employee’s date of birth or address – data that can easily be sourced by hackers. In fact, the National Institute of Standards and Technology (NIST) recommends against using knowledge-based questions because of their lack of security.
“Based on our recent findings, password resets at the service desk are a serious vulnerability for organizations of all sizes,” said Marcus Kaber, CEO of Specops Software. “In the absence of a self-service password reset solution, it is up to the service desk agent to verify that the caller is the legitimate owner of the account before issuing a new password. Unfortunately, without a secure verification policy in place, service desk agents can provide account access to unauthorized users without even knowing it – exposing businesses to an increased risk of costly cybersecurity breaches.”
Specops Secure Service Desk enforces user verification at the IT service desk and minimizes the risk for false user verification when resetting passwords. For more information, visit https://specopssoft.com/product/secure-service-desk.
Thanks for visiting! MyChesCo brings reliable information and resources to Chester County, Pennsylvania. Please consider supporting us in our efforts. Your generous donation will help us continue this work and keep it free of charge. Show your support today by clicking here and becoming a patron.