Business - Mar 14, 2018
In the era of Bring Your Own Device and distributed virtual teams, remote access to sensitive network resources is quickly emerging as the biggest internal cybersecurity threat.
As more of the workplace moves online and team members require flexible access to IT assets from around the world, remote access has become a major headache for system administrators.
Even with all this in mind, one area is still often overlooked: Third-party remote access.
Third-party remote access has been a perennial concern for enterprises – it’s always on the radar, but not usually a top priority. Many cybersecurity pros assume that as long as the connection is executed through a secure VPN, it introduces no more risks than a standard remote connection.
The big challenge: Hackers can breach your network by gaining access to your vendors. And that can happen any time, no matter how strong your relationship with a vendor is, how effective your IT policies are, or how ironclad your contract becomes.
The vast majority of third-party vendor access is undertaken for legitimate purposes.
Even so, determined attackers can piggyback on vulnerabilities native to a vendor’s IT setup to gain access to even your most hardened resources. Requiring a VPN connection and scanning all inbound connections for security compliance are only the first steps in a complete defence.
For optimum cybersecurity, implement these fixes:
One of the biggest problems with remote access is the tendency of each organization to multiply the number of software tools used for connections. The end result is a patchwork of conflicting solutions with countless vulnerabilities, many unseen. Leverage your authority as system owner to require all external and internal actors to use a consolidated and company-owned solution.
What should you do once you’ve chosen a remote access solution? Effectiveness depends on deflecting all non-compliant connections, no matter their source or technology. Blocking ports associated with risky connection types can eliminate entire classes of vulnerabilities with no impact on network performance. Common low-cost, Web-based tools should also be blocked.
Multi-factor authentication remains the most potent way of ensuring a connection is actually initiated by a credentialed party. Credentials are typically stolen by hackers who target generic login information vendors share across their user base. Unique usernames and passwords can be combined with two-factor identification to render stolen vendor credentials virtually useless.
Most vendors only need access to a small subset of defined network resources. No matter how broad or narrow their mandate is, they virtually never need around the clock access. An ideal remote access platform should include granular permissions for individual teams and vendors so you can provide the minimum permissions necessary – and revoke them completely at any time.
Even these techniques won’t always stop a bad actor from trying to exploit your network. In cases like these, a clear and comprehensive audit trail is essential. Without a complete record of all vendor activity supported by automated alerts, a breach can take months to uncover. That’s especially true if the effects are subtle or if it was perpetrated by a current or former employee.
All this is not to say that third-party vendors have no business accessing your data.
Responsible vendors can empower enterprises of all sizes with skills and expertise that may be difficult or impossible to cultivate in-house. To truly add value, however, all vendors must be fully committed to IT security best practices.
ISSQUARED helps enterprises of all sizes enjoy the benefits of world-class cybersecurity.
With Virtual Chief Information Security Officer (vCISO) services from ISSQUARED, it is easier than ever for companies of all industries, size categories, and geographies to benefit from true security expertise.