Cyber Risk Mitigation for the Service Desk
by Brett Moffett
All organizations struggle with the management of security and the ever-changing goal posts of a “secure” environment. With cybercrime expected to cost $5.2 trillion globally over the next 5 years, IT Support departments need to be extra vigilant to mitigate risk.
Most IT security departments want their front-line support staff to have only as much administrative access as they need, both to reduce the possible vectors for attackers and to limit the damage that malicious internal staff can do.
However, support staff require administrative or elevated privileges to be able to provide end users support for the systems they require. Finding a balance between security and functionality is an ongoing, and often frustrating, task.
Here are some simple steps you can take today to mitigate cyber security risks on your Service Desk:
1. Apply Role Based Access Control (RBAC)
According to Varonis’ Global Data Risk report, 53% of companies found over 1,000 sensitive files open to every employee. Overexposed data and administrative access pose a huge security risk.
To mitigate this risk:
• Create separate administration accounts for support staff with relevant elevated privileges, ensuring that the elevated accounts have the fewest privileges needed to undertake the identified tasks.
• Provide each support staff member with a limited toolset that can perform the identified tasks and that is controlled by one or more limited service accounts. All actions taken by individual users should be recorded in a secure manner for monitoring and audit purposes.
2. Automate Processes
Human error accounts for nearly 37% of data breaches. To reduce human error, automate processes with the required level of authorizations and approvals. This removes or reduces the possibility of a deliberate attack by a malicious staff member, or of an unplanned security breach due to poor execution, poor understanding of the process, or basic human error by staff.
3. Perform Ongoing Validation & Review
The average time to resolve an attack perpetrated by an internal employee is 51 days. It’s important to regularly revalidate all access granted to support staff, whether via separate administration accounts or Role Based Access Control, to ensure the identified requirements are still relevant and required. It's also important to review audit logs on a regular basis and after any cyber security event.
4. Implement Authentication Controls
74% of data breaches start with privileged credential abuse. Be sure to enforce strong password or authentication controls on all accounts, including elevated privilege and service accounts.