SecurityWeek

Endpoint Security

Remote Access: The Hidden Weak Spot for Cyberattacks

Many of today’s massive data breaches are linked to compromised credentials belonging to remote workers, third parties, and outsourced IT contractors. While telework and outsourced services have become commonplace in the commercial and public sector, organizations still have work to do when it comes to establishing security practices to support these new business models.

A recent alert by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) illustrates that cyber adversaries have identified remote access as a weak spot that can be exploited. The FBI has seen a significant rise in cyber-attacks that exploit remote access methods such as remote desktop protocol (RDP) to gain unauthorized access to accounts and subsequently exfiltrate sensitive data. Given this trend, what can organizations do to limit their exposure to these types of attacks, while supporting agile business models? 

Remote work and outsourced services have reshaped the business landscape over the past decade. According to Global Workplace Analytics, the number of remote workers has grown by 140 percent since 2005, while 70 percent of professionals now work remotely at least one day a week. At the same time, the percentage of organizations that have outsourced their IT is the highest in five years, primarily driven by cost savings, the need to focus on core business operations, and in-house resource limitations.

To enable remote workers, IT outsourcers, and partners to safely access corporate resources, organizations have historically relied on Virtual Private Networks (VPNs). The problem with VPNs, however, is that once inside, the user has access to the entire network. This introduces a significant level of risk. In addition, VPNs can be operationally complex and expensive to maintain. They are also inconvenient for users, requiring a series of manual, time-consuming steps to enter credentials and initiate a session. The advent of cloud, BYOD, and virtualization technologies has expanded an already difficult attack surface to protect.

While authentication with a username and password is required to establish a VPN connection, attackers can compromise these connections and inject malware onto the remote system. By hacking remote access sessions, malicious actors can compromise identities, steal login credentials, and exfiltrate other sensitive information. To minimize the risk associated with remote access threats, organizations should implement the following four measures to strengthen their security posture:

• Establish Access Zones – As in network segmentation, organizations can establish so-called Access Zones. These are a collection of attributes and security policies that define the identities, access rights, and privileges shared by a group of users. For example, an organization can define an Access Zone for their outsourced IT contractor that defines the specific resources they need to access for their work and blocks access to any other infrastructure resources.

• Grant Access to Specific Resources, Not the Network – Unlike a VPN that gives users visibility into the entire network, privileged access management solutions can be used to limit access to assets on a per-resource basis. These proxy-based technologies give an organization’s privileged internal IT admins access to as much of the infrastructure as necessary, while limiting access by an outsourced team or remote workers to only the servers and network hardware their role requires. In combination with Access Zones, this security practice significantly reduces the risk of lateral attacks.

• Grant Least Privilege – Considering the high percentage of privileged access misuse, it is essential to limit access and privilege using a Zero Trust Security approach. This entails establishing granular, role-based access controls via Access Zones to limit lateral movement, as well as just-enough and just-in-time privilege to applications and infrastructure. For example, if an outsourced IT provider is contracted to maintain an Oracle database, their access can be limited to this single resource. For advanced security, controls can be placed on the range of commands they are allowed to perform. Should additional privileges be required, these can be requested via a workflow ticket. The approval of the ticket would grant immediate, but temporary, privilege to run additional commands on the database.

• Use Risk-Based Multi-Factor Authentication – To further enhance security, organizations should combine risk- and role-based access controls, user context, and multi-factor authentication (MFA). This approach enables intelligent, automated, and real-time decisions for granting privileged access to users who are remotely accessing servers, on password checkout, or when using a shared account to log into remote systems.
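The four measures above combine into a single access decision per request: is the user in a zone that covers this resource, is the command on the zone's allowlist or covered by an approved just-in-time ticket that has not yet expired, and does the risk score call for an MFA step-up. The following policy evaluator is an added illustration of that decision flow, not code from the article or from any product it mentions; the zones, users, resource names, command allowlists, risk threshold and ticket data are all constructed.

```python
"""Toy remote-access policy evaluator (added example; all data constructed)."""
import time

# Access Zones: which identities may reach which resources with which commands.
# "*" on the command allowlist means unrestricted (internal admins only).
ZONES = {
    "contractor-dba": {
        "members": {"alice@outsourcer"},
        "resources": {"oracle-db-01"},          # single resource, not the network
        "commands": {"sqlplus", "rman"},        # default least-privilege allowlist
    },
    "internal-admin": {
        "members": {"bob@corp"},
        "resources": {"oracle-db-01", "core-switch-01", "fileserver-02"},
        "commands": {"*"},
    },
}

# Approved workflow tickets: (user, resource) -> (extra commands, expiry epoch)
TICKETS = {}

def approve_ticket(user, resource, commands, ttl_s, now=None):
    """Ticket approval grants immediate but temporary extra commands."""
    now = time.time() if now is None else now
    TICKETS[(user, resource)] = (set(commands), now + ttl_s)

def _zone_for(user):
    return next((z for z in ZONES.values() if user in z["members"]), None)

def evaluate(user, resource, command, risk, now=None):
    """Return (decision, reason). risk ranges from 0.0 (normal) to 1.0 (anomalous)."""
    now = time.time() if now is None else now
    zone = _zone_for(user)
    if zone is None or resource not in zone["resources"]:
        return "deny", "outside access zone"            # no network-wide visibility
    allowed = set(zone["commands"])
    extra, expiry = TICKETS.get((user, resource), (set(), 0))
    if now < expiry:
        allowed |= extra                                # JIT elevation still valid
    if "*" not in allowed and command not in allowed:
        return "deny", "command not permitted; request a ticket"
    if risk >= 0.5:                                     # risk-based MFA step-up
        return "mfa_required", "risk score triggers step-up"
    return "allow", "in-zone, least-privilege, low risk"

if __name__ == "__main__":
    print(evaluate("alice@outsourcer", "oracle-db-01", "sqlplus", 0.1))
    print(evaluate("alice@outsourcer", "core-switch-01", "show", 0.1))
```

Expired tickets fall back to the zone's default allowlist, so a contractor who was temporarily elevated is automatically returned to least privilege without an explicit revocation step.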

By implementing these measures, organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT. Addressing these security challenges is central to supporting digital transformation initiatives while protecting corporate assets.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
