As the world sorts itself out during and post-pandemic, one thing is certain – remote working is here to stay. Fortunately, technology can provide the visibility needed to secure operational access, whether employees are working from the office or at home. While this level of flexibility hasn’t been so readily embraced in the past, secure remote access (SRA) is now being widely used to help companies survive and thrive.
Visibility into remote connections and activity monitoring is key.
The Problem: Companies Don’t Have Control Over the Home Office Infrastructure
Take, for example, a 70-year-old plant engineer who was considered high risk due to a medical condition and needed to self-isolate. The company he worked for had to provide secure remote access just for him, so he could get “inside” their facility to manage their critical assets.
The challenge was that by enabling remote access to critical operations assets, the company significantly expanded its attack surface. In fact, according to research from NordVPN, 62 percent of employees are now vulnerable to cyberattacks, thanks to the use of personal computers for remote work during the COVID-19 pandemic.
Another survey found that COVID-19-related phishing emails are on the rise, with many embedding different malware strains as attachments. AgentTesla (45 percent), NetWire (30 percent), and LokiBot (8 percent) were the most actively exploited malware families, said researchers at the Computer Emergency Response Team (CERT-GIB) of Singapore-based Group-IB. With some minor differences, the goal of all these malware samples is to harvest user credentials from browsers, mail clients and file transfer protocol (FTP) clients, as well as to capture screenshots, secretly track user behavior and send the results to cybercriminals’ command and control centers.
“One of the things that have changed is that a corporation no longer has control over the infrastructure its employees are using for work,” said Pam Johnson, Vice President of Customer Experience at Dallas, TX-based solution provider TDi Technologies. “For example, they’re using personal computers to access the business network. They’re using unsecured WiFi to access operational systems. That’s a fundamental issue that could result in malware making it through from personal computers, going over a home WiFi to the business network.”
“We’re used to knowing who’s touching our critical infrastructure because outsiders have had to sign into a visitor log,” said Bill Johnson, Chief Executive and Founder of TDi. “And when they’re onsite, all the cyber hygiene, cyber protocols, and visitor protocols are being met. They’re not bringing in USBs or laptops from the outside, they’re using equipment contained within the four walls of the business. But with so many remote workers, cyber challenges are added onto the personal and physical-distancing challenges that now exist.”
A big spike in the number of people working from home, most of whom will likely continue to do so, has brought about a change in the micro view of how employees operate and in the macro perspective of how the industry could operate in the future. The pandemic has forced an industry that’s slow to change even the smallest of details into accepting supporting technology.
“We’ve been delivering remote access to different industries since ’91, and I’ve not found people so eager before. And, not only are they eager to look at secure remote access, they’re coming to us with a shopping list of requirements,” Bill Johnson said. “‘You must be IT-centric or OT-centric, or be able to create a unified view.’ That’s another thing we’re hearing a lot of, ‘I’ve got these other tools, and you have to integrate with those, or you have to be able to allow me to access these other critical tools that I use to manage my business.’ So, the pandemic has led to people becoming more educated about security requirements. In the past, it was a nice-to-have. Now it’s a must-have.”
OT/IoT Security’s Three-Legged Stool
Security was always thought of as a collection of people, processes, and technology, but the latter is now playing a bigger role in allowing businesses to operate via remote access.
“I’ve found that people were often the inhibitor to technology, in that they simply didn’t want to allow technology to be accessible remotely,” Bill Johnson said. “Historically, SCADA technologies and OT technologies haven’t been connected to a network that could be remotely accessed. So, consequently, some organizations default to ‘security by obscurity’. But the COVID-19 pandemic has forced companies to re-think both people and processes.”
While it might be preferable for employees to be physically present, secure remote access technology allows organizations to manage remote access to critical systems in a responsible, secure way, providing situational awareness and auditability to see who is touching the business infrastructure.
The Nozomi Networks / TDi OT and IoT visibility and security solution monitors remote access activity to detect anomalous activity and provides detailed visibility into each remote connection.
Remote Access – The Double-Edged Sword
“Remote access might be the only way right now to keep a business alive and generating revenue, but if you do it incorrectly, you can put the business out of business,” Bill Johnson said. “That’s why the people in the process have always been a blockage. And it’s also why companies are being very specific about the technology capabilities they need to do it right.”
“From a business perspective, we always want to know who, and where are workers coming from,” Bill Johnson said. “What are they doing? How are they doing it? Are they authorized to be here? Show me the log and the audit, and tracking of their remote access.”
Secure Remote Access Best Practices
To help ensure secure operating practices, TDi Technologies’ Chief Executive Bill Johnson and Vice President of Customer Experience Pam Johnson supplied a list of best practices that companies and employees could follow:
- Protect everything with firewalls, VPNs and two-factor authentication (basically zero trust).
- Monitor remote access connections to gain visibility into all remote systems interacting with your network.
- Make sure standards and policies are in place, including rules for secure servers, and the settings on those servers.
- Constantly check to make sure those settings haven’t changed.
- Evaluate how those servers are configured, what software is on them and what version it is, and all automation behind the scenes.
- Apply patches if it is possible to do so securely from a remote location.
- Incorporate a regular password update process, using automation.
- Keep a log of configuration or firmware changes, what was done and by whom.
- During remote access, double-check the location you’re going to visit before going there.
- Don’t click on links and files that are not familiar to you.
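One way to automate the "check that settings haven't changed" and "keep a log of changes, what was done and by whom" items above, as an added example that is not code from TDi or Nozomi Networks. The host name, setting names and the `changed_by` value are constructed for illustration; in practice the operator identity would come from the remote access session record.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed baseline: the approved settings for one remote-access server.
BASELINE = {
    "host": "jump01.example.internal",
    "settings": {
        "two_factor_required": True,
        "idle_timeout_minutes": 15,
        "allowed_protocols": ["ssh", "rdp"],
        "software_version": "4.2.1",
    },
}

# Constructed observation: 2FA switched off and telnet enabled.
OBSERVED = dict(BASELINE["settings"], two_factor_required=False,
                allowed_protocols=["ssh", "rdp", "telnet"])


def fingerprint(settings):
    """Stable SHA-256 over the settings, independent of key order."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def diff_settings(approved, observed):
    """Return {key: (approved_value, observed_value)} for every difference."""
    keys = sorted(set(approved) | set(observed))
    return {k: (approved.get(k), observed.get(k))
            for k in keys if approved.get(k) != observed.get(k)}


def check_drift(baseline, observed, changed_by, when=None):
    """Return a change-log entry if settings drifted from baseline, else None."""
    if fingerprint(baseline["settings"]) == fingerprint(observed):
        return None
    when = when or datetime.now(timezone.utc)
    return {
        "host": baseline["host"],
        "time": when.isoformat(),
        "changed_by": changed_by,  # assumption: supplied by the session record
        "changes": diff_settings(baseline["settings"], observed),
    }


if __name__ == "__main__":
    print(json.dumps(check_drift(BASELINE, OBSERVED, "unknown"), indent=2))
```

Run on a schedule, a `None` result means the server still matches its approved settings; any other result is an entry to append to the change log and review.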
Nozomi Networks Integrates with Remote Access Management Tools
The Nozomi Networks solution continuously monitors remote access activity to detect anomalous activity before operations are disrupted. It provides detailed visibility into each remote connection, including every system inside the business network that a remote user connects to, the protocols used, network zones or VLANs traversed, and any configuration or firmware changes made to any of those systems.
Our OT and IoT visibility and security solution also integrates with remote access management tools including those provided by our partner TDi, among others. This allows cybersecurity and operations teams to secure almost any type of remote access to their converged OT/IoT environments, including VPNs, terminal servers, jump servers, and clientless remote desktops.