Steve Rangan over at the The CSO site wrote:
"A new report from the SANS Institute and RSA on help desk security and privacy finds help desk workers are the easiest victims for a determined social engineering criminal. Due to metrics and basic job requirements, end user and network support operations are still the top target when it comes to breaching corporate security. The reason is that help desk operators are being too helpful, which results in attackers gaining access simply by asking.
"If you work in an office or remotely from home, you're familiar with the help desk. They're the team that resets passwords, issues email addresses, and helps you fix your computer. Within IT, the help desk is the first line of contact with the rest of the company, and they're tapped to deal with all of the 'minor' problems that don't require contacting a network engineer or administrator."
This is worthwhile to check out, the link to the full SANS/RSA report is in the article:
