Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Remote Access: The Hidden Weak Spot for Cyberattacks

Many of today’s massive data breaches are linked to compromised credentials belonging to remote workers, third parties, and outsourced IT contractors. While tele-work and outsourced services have become common place in the commercial and public sector, organizations still have work to do when it comes to establishing security practices to support these new business models. 

Many of today’s massive data breaches are linked to compromised credentials belonging to remote workers, third parties, and outsourced IT contractors. While tele-work and outsourced services have become common place in the commercial and public sector, organizations still have work to do when it comes to establishing security practices to support these new business models. 

A recent alert by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) illustrates that cyber adversaries have identified remote access as a weak spot that can be exploited. The FBI has seen a significant rise in cyber-attacks that exploit remote access methods such as remote desktop protocol (RDP) to gain unauthorized access to accounts and subsequently exfiltrate sensitive data. Given this trend, what can organizations do to limit their exposure to these types of attacks, while supporting agile business models? 

Remote work and outsourced services have reshaped the business landscape over the past decade. According to Global Workplace Analytics the number of remote workers has grown by 140 percent since 2005, while 70 percent of professionals now work remotely at least one day a week. At the same time, the percentage of organizations that have outsourced their IT is the highest in five years, primarily driven by cost savings, the need to focus on core business operations, and in-house resource limitations. 

To enable remote workers, IT outsourcers, and partners to safely access corporate resources, organizations have historically relied on Virtual Private Networks (VPNs). The problem with VPNs, however, is that once inside, the user has access to the entire network. This introduces a significant level of risk. In addition, VPNs can be operationally complex and expensive to maintain. They are also inconvenient for users, requiring a series of manual, time-consuming steps to enter credentials and initiate a session. The advent of Cloud, BYOD, and virtualization technologies have expanded an already difficult attack surface to protect.

While authentication with a username and password is required to establish a VPN connection, attackers can compromise these connections and inject malware onto the remote system. By hacking remote access sessions, malicious actors can compromise identities, steal login credentials, and exfiltrate other sensitive information. To minimize the risk associated with remote access threats, organizations should implement the following four measures to strengthen their security posture:

• Establish Access Zones – As in network segmentation, organizations can establish so-called Access Zones. These are a collection of attributes and security policies that define the identities, access rights, and privileges shared by a group of users. For example, an organization can define an Access Zone for their outsourced IT contractor that defines the specific resources they need to access for their work and blocks access to any other infrastructure resources.

• Grant Access to Specific Resources, Not the Network – Unlike a VPN that gives users visibility into the entire network, privileged access management solutions can be used to limit access to assets on a per-resource basis. These proxy-based technologies give an organization’s privileged internal IT admins access to as much of infrastructure as necessary, while limiting access by an outsourced team or remote workers to only the servers and network hardware their role requires. In combination with Access Zones, this security practice significantly reduces the risk of lateral attacks.

• Grant Least Privilege – Considering the high percentage of privileged access misuse, it is essential to limit access and privilege using a Zero Trust Security approach. This entails establishing granular, role-based access controls via Access Zones to limit lateral movement, as well just enough, and just-in-time privilege to applications and infrastructure. For example, if an outsourced IT provider is contracted to maintain an Oracle database, their access can be limited to this single resource. For advanced security, controls can be placed on the range of commands they are allowed to perform. Should additional privileges be required, these can be requested via a workflow ticket. The approval of the ticket would grant immediate, but temporary privilege to run additional commands on the database.

Advertisement. Scroll to continue reading.

• Use of Risk-Based Multi-Factor Authentication – To further enhance security, organizations should combine risk- and role-based access controls, user context, and multi-factor authentication (MFA). This approach enables intelligent, automated, and real-time decisions for granting privileged access to users who are remotely accessing servers, on password checkout, or when using a shared account to log into remote systems.

By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT. Addressing these security challenges is central for supporting digital transformation initiatives, while protecting corporate assets. 

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights