Jane Ku - Intern - Business & Strategy Management
Recently, a chaotic cyberattack has been achieved by hackers impersonating an employee and obtain the credentials through IT help desk in State. This incident has shown the low responsiveness of involved staffs, and the penetration would be much more rapid and thorough if the identity of a VIP staff was used, chaos incurred would be more inconceivable.
Indeed, their accounts were granted higher access level to confidential information, so these VIPs would be the primary target and their security awareness level would be critical for the very existence of the organization.
“Executives should be mindful that, complying to the identity verification processes are essential and beneficial.” said by Raymond Liu, Founder & CEO of Light Security Consulting.
“It is a responsibility for the IT help desk to act as a gatekeeper protecting your credential and reputation, instead of a mistrustful behavior. The most secured way of screening your request would be confirmation from authentication technology, such as MFA or biometric verification. Alternatively, requisite auxiliary verification completed by co-workers like immediate manager and their personal assistants could be set up.”
Even if the resumption of VIP account is not timely, the self-proclaimed potential revenue loss would not be larger than cost incurred from cyber-attacks. Hence organizations should shift security left to early stages on awareness to accomplish expenditure minimization.
Corporate trainings are vital to implement security awareness throughout the top managerial level. Organization VIPs should all be well informed that accessibility and security are two mutually exclusive concepts in the aspect of credential protection, and they should not create fatal loopholes in organizations’ digital assets just for their convenience.