Customer Support

Customer Support technologies encompass a variety of software and platforms designed to manage and enhance interactions between businesses and their customers. These solutions typically include help desk software, customer service platforms, knowledge bases, and other tools that facilitate communication, issue resolution, and customer satisfaction.  

Importance of Knowing Sanctioned and Unsanctioned Usage:

1. Data Security & Privacy: Customer support systems often contain sensitive information, including customer details, transaction records, and private conversations. Unsanctioned tools may lack adequate security measures, exposing this data to breaches, unauthorized access, and potential legal ramifications.

2. Reputation Risk: If unauthorized customer support tools are used, it could lead to inconsistent support experiences, potentially damaging the company's reputation. Customers may need help with unreliable platforms or receive conflicting information, leading to frustration and dissatisfaction.

3. Compliance Concerns: Data protection regulations like GDPR and CCPA mandate strict customer data handling. Using unsanctioned tools may not comply with these regulations, leading to legal issues and financial penalties.  

4. Third-Party Risks: Many customer support platforms are cloud-based or involve integrations with third-party vendors. Using unsanctioned tools introduces additional risks as the organization might need more visibility into the vendor's security practices, data handling processes, or compliance measures.

5. Incident Response & Forensics: In case of a security incident or data breach, knowing which customer support tools are in use is crucial for swift identification of affected systems, containment of the breach, and forensic investigation.

External Identifiability:

Customer support technologies can be identified externally through various means:

• DNS Records: DNS records can contain subdomains or specific domain names associated with the tool's vendor.

• Network Traffic: Network traffic analysis can reveal communication patterns and protocols specific to certain tools.

• Website Integration: Customer support widgets or chatbots embedded in a website can expose the underlying platform.

• Company Communications: Emails or support interactions may mention the platform being used.

It is also essential to know if these tools are on-premise or cloud-based. On-premise solutions might offer more control over data but require internal security measures. Cloud-based solutions can be more scalable and accessible but introduce third-party risk.

Types and Vendors (with Cybersecurity Considerations):

• Help Desk Software:

• Help Scout and Zendesk: These platforms handle customer inquiries and support tickets. Unauthorized access can expose sensitive customer information and communication logs.

• Customer Service Platforms:

• Help Scout, Kustomer, Zendesk: These platforms offer comprehensive customer service solutions. Security breaches can compromise customer data and interactions, leading to reputational damage and financial loss.

• Knowledge Base:

• HelpJuice: This tool stores and manages self-service support content. If not adequately secured, it can expose proprietary information or allow attackers to manipulate content.

ThreatNG, with its external attack surface management (EASM) and digital risk protection (DRP) capabilities, can help organizations identify and mitigate risks associated with customer support technologies:

1. Identify Shadow IT: ThreatNG can detect unsanctioned customer support tools within the organization, its third parties, and its supply chain.

2. Discover Vulnerabilities: It can pinpoint vulnerabilities in the software itself or in its configuration, such as exposed credentials or insecure integrations.

3. Monitor for Data Leaks: ThreatNG continuously scans the dark web for leaked customer data or credentials related to customer support platforms.

4. Assess Third-Party Risks: It evaluates the security posture of vendors and suppliers providing customer support tools.

Example Workflow:

1. ThreatNG Discovery: ThreatNG identifies a publicly accessible knowledge base containing sensitive troubleshooting guides.

2. Vulnerability Scanner Validation: The organization's vulnerability scanner confirms the exposure and flags it as a critical risk.

3. SIEM Integration: ThreatNG's findings are integrated into the SIEM, triggering an alert and initiating an incident response workflow.

4. Remediation: The security team secures the knowledge base, investigates the root cause, and implements additional security controls to prevent future incidents.

Overall Benefits:

By incorporating ThreatNG into their cybersecurity strategy, organizations can:

• Protect Sensitive Data: Mitigate the risk of data breaches and leaks from customer support systems.

• Enhance Reputation: Ensure consistent and secure customer support experiences.

• Improve Compliance: Ensure adherence to data privacy regulations.

• Strengthen Third-Party Risk Management: Assess and manage the security of third-party vendors.

• Streamline Incident Response: Quickly detect and respond to security incidents involving customer support tools.

ThreatNG enables organizations to leverage customer support technologies confidently while proactively addressing potential security risks.