As a reader of Information Security Buzz, you are probably already familiar with all the different points of access that hackers and other threats use to breach the security measures that enterprises have set up to protect their data, such as social engineering, cross-site scripting flaws and unpatched windows machines. One of the potential vectors that is often ignored or at least underestimated is remote access software which is used by various service providers and which is very often not secure enough.
Remote Access Software 101
In order to understand why remote access software plays such a pivotal role in the online security of an enterprise, we need to understand what this type of software entails. Remote access software entails all software solutions that are utilized by an enterprise in order to provide access to sensitive company data to partners, employees and service providers who have been authorized.
In today’s business world, a large percentage of enterprises (both small and large) invest large sums of money in remote access services which, unfortunately, come with a number of vulnerabilities that are easy to exploit and which are being readily exploited by attackers.
How “Popular” are Remote Access Attacks?
Back in 2012, Verizon Data Breach Investigations Report, the cornerstone publication in the field of data breach trends, concluded that remote access services were involved in almost 90% of all hacking breaches and that compromised remote access was instrumental in 95% of cases involving malware. With the spread of remote services and more and more people needing remote access, the numbers have only grown. Unfortunately, the growth in need for such services has not been properly accompanied by increased security of such solutions.
The Most Common Problems
Enterprises have to deal with a number of potential problems when remote access is in question. For example, when they use cloud file storage services, they are usually left without control of their data and its security. We have seen a number of breaches of even the largest cloud storage service providers where their clients’ data was left out in the open, so to say.
Another big vulnerability is provided by remote management software which has traditionally been a common vector for attackers, as were screen sharing programs which many enterprises still use very heavily.
The latest Verizon DBIR, released in 2015 has also identified POS systems as one of the most common targets for attackers, usually coming from Eastern Europe and usually being very quick and efficient.
The Course of Action For Enterprises
There are quite a few things that enterprises can do to limit their vulnerability to remote access intrusions, but for the most part, they all come down to being extremely careful with who gets remote access to what systems and data. In case they are outsourcing POS management to third-party providers, they need to ensure that they are adamant about their security. Experts from SecureLink, a company that provides secure remote software solutions to IT vendors also recommend that enterprises be careful about their IT service providers and their security solutions.
In their Internet Security Threat Report from 2014, Symantec suggests that the enterprises apply port-filtering, host-based firewalls and scanning tools which are supposed to block traffic that has not been explicitly authorized. They also point out the importance of proper web server configuration and DNS servers, as well as the disabling of automatic installation of various non-essential software components.
In essence, the role of remote access software should never be underestimated when we are talking online security in the business world. It is absolutely crucial that enterprises deal only with reputable and high-quality third parties and that they always have someone to rely on, such as their IT service providers who will be well aware of the risks of remote access.