EMC's RSA division recently published the results of the SANS 2013 Help Desk Security and Privacy Survey [PDF file] of more than 900 IT professionals worldwide, which found that fully 69 percent of respondents say social engineering is the biggest threat to help desk security.
Even so, a majority of organizations still use basic personal information (name, location, employee ID number) to verify callers' identities. Additionally, many help desk employees will bypass security controls in order to be more helpful to the caller.
For almost 43 percent of respondents, help desk budgets are determined by the number of users, not the cost of a security incident.
Only 10 percent of respondents described their help desk security practices as robust.
"In many instances the help desk is the first line of defense against breaches and securing it should be as important as any other business-critical function," RSA chief technologist Sam Curry said in a statement. "The new help desk needs to strike a balance of enhanced security and end-user convenience that integrates security directly into the process by adding technologies for automation and enterprise-level authentication, and continuous training to mitigate human error."