The workplace is no longer a "place," and as remote work accelerates, the cybersecurity threats organizations face have also changed. Remote work has many benefits, and as a result more and more companies are accelerating the shift and adopting programs that let their workforce take advantage of work-life balance and other positive benefits. This shift, however, comes with new risks and security challenges that are not present in traditional office environments.
Cybersecurity threats change when employees work remotely: everything from vulnerabilities in home networking gear to physical controls that offer less protection than a hardened office location increases risk. Another threat in this context is the end user's need to access and transact sensitive data over public internet connections when connecting remotely to applications and other system resources in corporate office locations and data centers. If access to that data, those systems or other resources is not properly secured, bad actors can take advantage of lapses in security to compromise and expose that data, or take a more malicious approach and hold that data or the critical systems that process it for ransom. Identity and Access Management security, especially the security of remote access to key resources and data, is paramount to any security strategy and critical for managing IT risk.
Remote work often forces employers and employees to adopt a broader set of tools for things like collaboration and remotely managing applications, services and data. This broader adoption of tools and services (often without security in mind) increases the attack surface for bad actors to exploit. In addition to the standard applications used in the office, remote workers may also use RDP, remote access tools, VPN clients, and other remote access technologies, which create new potential security vulnerabilities if not properly managed and secured.
Implement a Zero Trust Network Access (ZTNA) solution for secure remote access. This emerging technology minimizes your external footprint by removing digital assets from public visibility and securely ties authentication to your users.
ZTNA is a product or service that creates an access boundary around an application or set of applications based on identity and context. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity and context of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.
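The broker decision described above, sketched as an added example (not code from this article or from any ZTNA product). The policy, user names, application names and context fields are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy: each application lists the named entities allowed to
# reach it and the context a request must satisfy. All names are hypothetical.
POLICY = {
    "payroll": {"entities": {"alice@corp.example"},
                "require_mfa": True, "require_managed_device": True},
    "wiki": {"entities": {"alice@corp.example", "vendor-it@msp.example"},
             "require_mfa": True, "require_managed_device": False},
}

@dataclass(frozen=True)
class Request:
    user: str             # identity asserted by the identity provider
    app: str              # application the user asks to reach
    mfa_passed: bool      # context: strong authentication completed
    managed_device: bool  # context: device posture check passed

@dataclass(frozen=True)
class Decision:
    allowed: bool
    scope: tuple   # applications this session may reach, never the whole network
    reason: str    # written to the broker's audit log, not returned to the client

def broker_decide(req: Request) -> Decision:
    rule = POLICY.get(req.app)
    # Default deny. An unknown application and an unlisted user get the same
    # answer, so the broker cannot be used to discover which applications exist.
    if rule is None or req.user not in rule["entities"]:
        return Decision(False, (), "not a named entity for this application")
    if rule["require_mfa"] and not req.mfa_passed:
        return Decision(False, (), "MFA not completed")
    if rule["require_managed_device"] and not req.managed_device:
        return Decision(False, (), "device posture check failed")
    # The grant covers only the requested application: no lateral movement.
    return Decision(True, (req.app,), "identity and context verified")

def client_view(decision: Decision) -> str:
    # What the remote client sees: every denial looks identical.
    return "connected" if decision.allowed else "denied"
```

Contrast this with a VPN grant, where a successful login typically places the user on a network segment rather than in front of a single application.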
If a VPN is in use for remote access, we recommend finding a VPN solution without a consistent history of critical vulnerabilities, which threat actors use to gain initial access into an environment and deploy ransomware.
Read this helpful article on how to secure your organization's VPN.
Follow the Least Privilege Doctrine and only provide access that people need based on roles and duties. Be sure that system administrators are given separate user accounts for privileged access.
Don't forget to secure vendor access. For organizations that rely on external IT providers or other vendors that get network access, make sure that their remote access tools are secured by more than just a username and password.
Additional resources:
Consider a Remote Access Security Cleanup or other Remote Security Services offered by LMG Security.
8 key security considerations for protecting remote workers (CSO Online)
8 Best Practices for Secure Remote Work Access (Security Boulevard)