How Can You Protect Your Network from Ransomware Attacks? Don't Let Anyone on It
The erosion of the corporate network perimeter had already strained cybersecurity practices prior to 2020. Add to that the rapid pivot to remote work and executive teams pushing for more operational and business agility. It becomes easy to see why the goal of ‘perimeter protection’ faces bigger challenges than ever before.
But what if you could secure your entire flexible work environment from ransomware attacks without perimeter protection? Allow me to explain.
While there is much work to do to secure your corporate network against modern threats like ransomware, there is a simple solution that immediately provides robust security for your flexible work environment. By leveraging a ‘consumerized’ version of remote access for remote workers, you remain as secure and agile as possible, because remote workers never touch the network.
An added benefit to such a solution is that you buy yourself more time to develop your long-term strategy for perimeter protection and Zero Trust.
Consumerized remote access: a much safer path than RDP-VPN solutions
As far back as 2017, the FBI highlighted perimeter attacks against remote desktop protocol (RDP) as a primary method for ransomware infection. In late 2019, the FBI further clarified the threat and raised awareness when it published a public service announcement (PSA) entitled “High-Impact Ransomware Attacks Threaten U.S. Businesses and Organizations.” (RDP is a proprietary network protocol that allows individuals to control the resources and data of a computer over the internet.)
According to the FBI’s PSA, “Cyber criminals have used both brute-force methods, a technique using trial-and-error to obtain user credentials, and credentials purchased on darknet marketplaces to gain unauthorized RDP access to victim systems. Once they have RDP access, criminals can deploy a range of malware—including ransomware—to victim systems.”
Despite these types of high-profile warnings, companies have been slow to act and continue to rely on RDP for remote access. In fact, many organizations use even less secure means for remote access – a simple VPN or a combination of RDP and VPN.
As we noted in a prior post, people who work remotely typically use VPNs and remote desktop protocol (RDP) to access the apps and data they need to perform their work. This has led cybercriminals to exploit weak password security and VPN vulnerabilities to access the corporate network, steal information and data, and worst of all – inject ransomware. That was the case with the April 2021 hack of the Colonial Pipeline. VPN technology is decades old and cannot be secured the way modern access solutions – especially cloud-based remote access – can be.
RDP brings similar risks. First and foremost, RDP has weak user sign-in credentials. Remote workers often use the same password for their desktop office computer and their remote computer (which they set themselves). Yet, corporate IT does not typically manage passwords on remote/BYOD devices, leading to wide variations in password strength. Second, two-factor and multi-factor authentication are not part of RDP. These two issues often lead to remote devices being compromised. These security weaknesses drive continued use of VPNs. But, as we just explained, a VPN exposes you to ransomware even more easily.
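The brute-force pattern described in the FBI PSA shows up in Windows Security logs as a burst of failed logons (event 4625) from one source, sometimes followed by a success (event 4624). The following is an added example, not part of the original post or any Splashtop code: it flags that pattern in a simplified, constructed CSV export whose column layout, threshold and window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (assumed export format): time, EventID, LogonType, source IP, account.
# 4625 = failed logon, 4624 = successful logon. LogonType 10 is RemoteInteractive
# (RDP); RDP failures behind Network Level Authentication are often logged as type 3.
SAMPLE = """\
2021-04-02T03:10:01,4625,3,203.0.113.50,administrator
2021-04-02T03:10:04,4625,3,203.0.113.50,admin
2021-04-02T03:10:09,4625,3,203.0.113.50,jsmith
2021-04-02T03:10:15,4625,3,203.0.113.50,jsmith
2021-04-02T03:10:21,4625,3,203.0.113.50,jsmith
2021-04-02T03:10:30,4624,10,203.0.113.50,jsmith
2021-04-02T08:59:00,4625,10,198.51.100.7,mlee
2021-04-02T08:59:20,4624,10,198.51.100.7,mlee
"""

RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "success_after": account or None}} for noisy sources."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    alerts = {}
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "success_after": None})
                a["failures"] = max(a["failures"], len(q))
        elif event_id == "4624" and ip in alerts:
            # A success shortly after a failure burst suggests a guessed password.
            if alerts[ip]["success_after"] is None and ts - recent[ip][-1] <= window:
                alerts[ip]["success_after"] = user
    return alerts

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE))
```

Logons made with purchased credentials, the other method the PSA names, produce no failure burst, so this check does not see them.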
Network segmentation is not a panacea for ransomware attacks
Network segmentation can be a partially effective way to protect IT systems from ransomware attacks. Segmentation controls traffic flows between various sub-networks and restricts the lateral movement of an attacker. However, there are two problems with relying on network segmentation.
Network micro-segmentation is a massive task. For that reason alone, segmenting your network may take a long time, or possibly, never get done. Even when a segmentation project is completed, IT administrators often deal with initial or ongoing misconfiguration of access control lists (ACLs) and policies. According to the Cybersecurity and Infrastructure Security Agency (CISA) and its publication “Remediate Vulnerabilities for Internet-Accessible Systems,” the decentralization of organizations and their governance processes makes it difficult to coordinate the remediation of vulnerabilities. CISA further states that budgetary constraints also play a large role in completely addressing the need for new security solutions to safeguard networks and systems.
Segmentation does not address the entire remote access security problem. While it is true that segmentation controls lateral spread of ransomware, it only does so after the ransomware is inside the network. That can be a scary thought. Unless you are an expert at segmenting your network, you could still be greatly exposed. Even if you could expertly segment it, why would you want to have an infected network segment to begin with?
Consumerized remote access is 100% off-network and aligns with Zero Trust
Under Zero Trust security architectures, users can only gain access to apps, data, and other resources by continuously verifying credentials. Even when they do, users can only access the areas for which they have personalized permissions.
Splashtop’s remote access solution doesn't rely on RDP and doesn't need a VPN. Plus it follows a Zero Trust approach. When your employees remotely access their office computer or workstation, they enter via a special Splashtop connection, one that isn't part of the corporate network. When they work remotely, they can only view and work with the data (e.g., Word documents) on their remote desktop. Data never travels outside the corporate network. You also have the choice to enable or disable both file transfer and print functions. These choices do not exist with an RDP/VPN strategy.
Splashtop remote access introduces even more security features, such as device authentication, two-factor authentication (2FA), single sign-on (SSO) and more. These modern security measures do not exist in VPN architecture.
An additional advantage of Splashtop remote access is speed. Because Splashtop works independently from your legacy IT infrastructure, it takes only minutes to set up. Imagine, in just a single day, you can give entire departments seamless, secure remote access to their computers from any device – embracing a full BYOD (bring your own device) strategy. In the end, you gain operational and business agility as well as far higher levels of security for remote workers. All of this by not allowing any of them onto your network in the first place.