Hackers are increasingly using sophisticated social engineering techniques and AI-generated deepfakes. Their goal? To fool IT helpdesk agents into resetting employee passwords and multi-factor authentication (MFA). Once they’ve taken over an employee’s account, attackers then exfiltrate data and deploy ransomware. MGM Resorts lost over $100 million to this type of attack, and a Hong Kong multinational was scammed out of $25 million.
It's no surprise, then, that Eric Richard, HubSpot’s Senior VP of Engineering and Chief Information Security Officer (CISO), has growing concerns over helpdesk vulnerabilities. In particular, he advises any CISO to "run like heck to make sure that you've got strong identity verification around your MFA". This is exactly why Eric and HubSpot integrated Nametag into the company's employee helpdesk and customer support processes.
In a recent discussion with Nametag, Eric elaborated on what keeps him up at night as a CISO; how to protect the human element of your security program; his decision to adopt Nametag at HubSpot; and more. In particular, Eric emphasizes the importance of protecting the helpdesk against AI-generated deepfakes and social engineering attacks.
On what keeps him up at night:
"The thing that's kept me up at night over the last couple of years has been this real increase in social engineering-based phishing attacks against user identity. You've seen tons of companies getting hit with these."
On how HubSpot uses Nametag:
"One case is verifying employees who are locked out of their accounts and need to be able to reset their multifactor authentication systems. Another one is verifying IT because one of the things that’s happening in a lot of these social engineering attacks is that bad actors are pretending to be IT (helpdesk). So how do you let your employees know that this is actually a legitimate IT person?”
On Nametag's unique technology:
“ ...what really struck me was Nametag’s both privacy-centric approach and the really interesting technical solution they have of tying together the features on mobile phones and being able to do facial detection...being able to make sure that you can't create a fraudulent identity.”
On his experience implementing Nametag:
“The Nametag implementation was actually incredibly simple. We were immediately starting to see decreases in tickets going to support, and the time to resolve those tickets, and increases in user happiness. We've seen fantastic results in time-to-resolve in deflecting tickets from coming into support, and just the overall experience that users are having as being positive."
About Nametag
Nametag uses machine learning and cryptography to empower helpdesks at organizations like HubSpot. We enable helpdesk agents to accurately distinguish legitimate employees and customers from impersonators. Nametag is the first zero-trust identity verification platform to specifically counteract the threats to IT helpdesks posed by deepfakes and social engineering attacks. With Nametag, We offer a swift and secure method for confirming the authenticity of employees and customers during crucial interactions like employee onboarding, account recoveries, and high-risk transactions.
Watch a demo of Nametag, or watch the full video with Eric Richard here.
