BeyondTrust, Author at Tech Wire Asia
https://techwireasia.com/author/beyondtrust/
Where technology and business intersect
Tue, 13 Jun 2023 03:19:52 +0000

Securing remote access in an increasingly digital world
https://techwireasia.com/05/2023/securing-remote-access-digital-world/
Wed, 10 May 2023 04:45:26 +0000

Explore the importance of securing remote access for IT and OT systems, understand the risks, and learn actionable strategies to enhance visibility and control in today's digital landscape.

In today’s digital landscape, remote access to critical information infrastructure (CII) – both Information Technology (IT) and Operational Technology (OT) systems – has become increasingly important. This accessibility allows IT teams, third-party vendors, and suppliers to obtain the information they need to collaborate and communicate effectively. However, expanded access also introduces significant risks by creating new attack surfaces for cybercriminals to exploit.

These attacks, such as ransomware and malware, can have far-reaching consequences, especially when targeting critical systems like OT, which control physical processes and machinery in industries including energy, transportation, and manufacturing. In 2021, there were 64 publicly-reported OT cyberattacks, a 140% increase compared to 2020. About 35% of these incidents resulted in physical consequences, with estimated damages of US$140 million per event. These figures only represent the events that were made public; there were likely many more that were not disclosed. In addition, ransomware also impacted organisations in important industries including food manufacturing and supply chain.

Preventing unauthorized access to CII is essential to prevent data breaches and disruption to the normal functioning of critical systems and services. The integration of IT and OT systems in CII has increased the potential for cyber threats to impact physical processes and machinery, leading to severe consequences.

In this article, we will explore the significance of securing access to CII for the safety of IT and OT systems and provide actionable strategies to enhance visibility and control.

The risks of remote access

As organizations increasingly rely on remote access to CII, they expose themselves to various risks. Cybercriminals can exploit these enlarged attack surfaces to infiltrate networks and gain unauthorized access to critical systems and sensitive information, such as intellectual property, financial data, and industrial controls.

Traditional VPN-based remote access often grants unfettered network access once basic authentication has taken place. This basic on/off model lacks the granularity of privileges that better fits modern organizations.

The convergence of IT and OT networks amplifies these risks, as a breach in one area could potentially affect the other. Remote access not only heightens the likelihood of cyberattacks but also the potential severity of their consequences, particularly those targeting systems that manage critical processes and national services.

Understanding and mitigating all risk is essential for ensuring the safety and security of CII systems as a whole.

Strategies for securing remote access

Regularly update and patch systems

Keep software and systems as up-to-date as possible with the latest patches and security updates. (Legacy systems may no longer receive firmware or software updates, or may rely on an older OS or configuration that poses a security vulnerability cyber adversaries can use to gain access to your network.) Flashing OT components can be especially problematic, as updates can be operationally disruptive. Nevertheless, regular patching and updating of all systems where it’s still possible to do so is crucial for closing security gaps in IT and OT and reducing the risk of remote access attacks.

Monitor network activity

Real-time network activity monitoring can help organizations detect and respond to potential threats before they escalate. Organizations can use advanced monitoring tools and cyber threat intelligence to identify unusual behavior patterns that flag issues, like unauthorized traffic, repeated failed access attempts, and anomalous outbound packets.

Privileged access management (PAM) and zero-trust

For remote access, many organizations rely on, or have rogue installations of, consumer-focused remote access tools. Like VPNs, these tools offer little resistance to an attacker who has the right set of credentials and wants to move throughout the organization.

To mitigate such threats, a growing number of organizations are implementing modern privileged access management solutions, including privileged remote access and privilege elevation controls. These solutions enable organizations to eliminate admin rights for the user (including credential obfuscation) and enforce least privilege. That helps prevent unauthorised access, reduces the attack surface and dismantles threats – without hindering user productivity.

Governance

Detailed session data should be captured in real-time or post-session, providing an audit trail and session forensics. Record all privileged activities for compliance and logging purposes, including the behaviors of remote access users and the details of every session down to protocol level, to provide a canonical audit trail.

Choosing the right technology to secure remote workers

Securing an increasingly large number of remote connections to CII poses a significant challenge. Privileged remote access focuses on granting the right individuals the correct level of access to the appropriate systems at any precise moment. This approach enables just-in-time, zero-trust access to on-premises and cloud resources and allows for granular definition of user permissions and session duration. Consequently, privileges are never left unchecked, and user accounts don’t allow unfettered access for attackers to exploit.

BeyondTrust Privileged Remote Access delivers visibility and control over third-party vendor access, internal users, remote access, and infrastructure inside and outside the LAN. Organizations of all sizes use this solution to grant seamless access to essential assets while adhering to strict security and compliance standards. The platform features:

  • Privileged access control – Grants necessary access without excessive permissions.
  • Utilizes familiar tools – Maintains user workflows and efficiency without compromising security.
  • Privileged password vaulting – Manages and rotates privileged credentials; integrates with BeyondTrust Password Safe for enhanced security.
  • Audit & compliance capabilities – Generates audit trails, session forensics, and reports; access attestation reports to demonstrate compliance.

As the lines between IT and OT systems blur, businesses must adopt a comprehensive, WAN-wide approach to safeguard their critical information infrastructure from cyber threats. Check out this on-demand webinar to discover how you can better secure access to your critical infrastructure.

Zero trust priorities for Singapore companies: Bridging the privilege gap
https://techwireasia.com/02/2023/zero-trust-priorities-for-singapore-companies-bridging-the-privilege-gap/
Tue, 21 Feb 2023 07:38:37 +0000

The increasing prevalence of remote work in Singaporean companies has made protecting sensitive data more critical.

The increasing prevalence of remote work amongst Singaporean companies has made protecting sensitive data more challenging than ever. In addition, digital transformation has amplified the potential for security breaches and risks, allowing malicious actors to exploit vulnerabilities and cause significant business disruptions. To counter these threats, organizations are adopting zero-trust to enhance their cybersecurity measures and minimize the impact of potential attacks.

However, a recent BeyondTrust survey suggests that more than half of businesses in Singapore are still at risk of privilege escalation attacks due to inadequate privilege management. This significant gap between companies’ perceived and actual preparedness underscores the importance of ensuring that zero trust fundamentals are implemented effectively to address security risks in modern work environments.

Find out more on how Singapore organizations are progressing in their zero trust adoption journey.

Zero trust is a security model that assumes that all networks, devices, and users are untrustworthy by default. Under the zero trust model, every new or changed access request to a network or device must be verified, even if the user has already been authorized to access the network or device. Despite 88% of IT leaders in Singapore believing zero trust is vital to their organization’s cybersecurity strategy, the BeyondTrust survey found that most companies have not adequately addressed what it terms ‘the privilege gap.’

The privilege gap refers to the excessive access that users in an organization have beyond what is required to perform their jobs. 54% of IT leaders believe that users in their organization have excessive privileges. This finding is a significant concern, as privilege escalation attacks are among the most common cyberattacks. These attacks occur when a hacker gains access to an account with privileges that allow them to access more sensitive data or take control of a system. In fact, past data from Forrester Research has shown that privileged credentials were implicated in 80% of data breaches.

Proactively preparing for cybersecurity challenges

In the increasingly “perimeter-less” environment, companies must implement zero trust fundamentals, including privileged access management and secure remote access. As more than half (59%) of surveyed Singapore companies are embracing remote access by third parties, securing the remote workforce has become a significant challenge for IT leaders, with 75% finding it challenging. 69% of IT leaders also find it difficult to provide secure remote access for third parties, putting that aspect of their zero trust posture at risk.

Organizations can implement the principle of least privilege to address these challenges and enhance the system’s overall security. This ensures that users are only granted access to the resources required for their specific job functions with the right amount of privileges for the right amount of time to complete their tasks effectively. By implementing the principle of least privilege, organizations can reduce the potential for privilege escalation attacks and ensure compliance with data protection regulations. Implementing the principle of least privilege also improves the security of remote setups and empowers organizations to better manage their remote workforce and third party access.

As IT leaders in Singapore prepare for cybersecurity challenges over the next 12-18 months, increasing their implementation of zero trust should continue to be a key priority. By proactively addressing the privilege gap and implementing zero trust fundamentals, companies can better protect their sensitive data, improve their security posture, and ensure compliance with data protection regulations. The BeyondTrust survey highlights the importance of taking a proactive approach to privilege management and implementing zero trust fundamentals.

Prioritizing the right tools and practices for zero trust implementation

Implementing zero trust requires various tools and practices, and prioritizing which areas to focus on can present a challenge. With so many different aspects to consider, organizations may struggle to identify which areas are critical to their zero trust initiative. For example, segmentation is an essential tool for preventing attackers from having unfettered access to corporate resources, yet some organizations may overlook it in favor of other initiatives. As a result, these organizations may not operate under an “assume breach” mindset, which could hinder their zero trust efforts.

Ultimately, the success of a zero trust initiative depends on an organization’s ability to prioritize and implement the right tools and practices to support the framework.

To support their zero trust initiatives, companies can turn to the likes of BeyondTrust, a provider of intelligent identity and access security solutions. BeyondTrust provides several ways to enhance cybersecurity measures, such as inventorying all privileged assets, applying least privilege controls, and enforcing adaptive and just-in-time access controls based on the context in real time.

By implementing these solutions, companies can eliminate blind spots, spotlight shadow IT, control access points, and reduce the potential for privilege escalation attacks.

Beyond granular privilege escalation: endpoint protection today
https://techwireasia.com/08/2022/endpoint-protection-best-whitelist-blacklist-execution-privileges-administration-review/
Mon, 29 Aug 2022 07:24:03 +0000

Few seasoned IT professionals can attest, with 100% honesty, that they have never clicked a suspect or rogue link in an email or on a webpage. Yet the people we would expect never to fall for that initial probe of cybersecurity sometimes do. If a cybersecurity analyst has exposed (and will expose) their own organisation to the risks of malware and ransomware, is there any hope for mere mortals?

The costs of ransomware are growing at a tremendous rate (up 46% YOY according to McAfee), driven at least in part by the fact that many organisations pay up in the (often vain) hope that they will be able to retrieve encrypted files. In addition, ransomware crews are also exfiltrating data prior to encryption, allowing them to sell the stolen, confidential information on the black market. Whether or not you think stumping up the cash is a wise move (hint: it’s not wise at all), there are two considerations here. First, what measures are in place to help prevent attacks, and second, what might an organisation do in a malware-related disaster?

The space available to this article limits our answers to the first question only – what to do when an attack is successful will be the subject of a future article. But to address the issue of how best to protect a workforce, we need to look at how ransomware works.

Execution rights

When malware first gets a foothold on a user’s computer, it has execution privileges that allow it to successfully execute and ultimately encrypt the user’s data, in the process issuing a demand for Bitcoin. Yet, according to BeyondTrust, over 80% of published Microsoft vulnerabilities would not cause any issue if users didn’t have full admin privileges.

Many organisations have tried locking down privileges before, without much success. The common outcome has been an inundated helpdesk dealing with disgruntled users asking for more rights to use the software they need to do their jobs. This is particularly the case for dev teams. So to keep the peace, IT departments have acceded to users’ needs, to the detriment of security.

The everyday tools

Most of the software in daily use in organisations of all types across the globe falls into common categories: email applications, office suite, messaging apps, a web browser or two, and, often, specialist software relevant to a job role, such as financial or HR applications, for example, some of which no longer reside locally but in the cloud.

In common IT environments, there are various power-user tools that often run in the background and are key to the day-to-day running of enterprise organisations. Macros and PowerShell are two important tools used to automate tasks, including the management of systems. For many organisations, neither can be readily disabled due to the business impact. Yet, they can also be exploited by hackers looking to score a payday.

The buck stops at the endpoint

While modern endpoint protection methods have a place, they are still vulnerable to cleverly-crafted phishing emails and attacks that exploit unknown vulnerabilities.

This is where modern privileged access management (PAM) solutions play a part. A subset of PAM is privilege elevation and delegation management (PEDM). PEDM applies granular controls to privilege elevation activities on a case-by-case basis. Privilege management can be applied not only to traditional endpoints such as desktops, but can also be extended to servers, protecting Linux or Unix environments from cryptomining software or worse.

It used to be easier for harried support staff to allow the user full access privileges to their work hardware and software to keep the phone from ringing. But by leveraging quick start policies, endpoints can be quickly secured, with users given the needed privileges to get their jobs done with minimal impact on productivity. Privileges can be elevated for the time needed to complete a task, minimising the window of time that any privilege can be misused. Modern PAM solutions actually never elevate the user; instead privileges are constrained to the security context of the executable.

It is a testament to the user-friendliness of modern PAM solutions that many users will be oblivious to a PEDM solution running in the background of their device. They no longer need to find workarounds, nor have productivity lost through regular calls to the IT helpdesk.

For organisations on the zero-trust journey, managing privileges in this way supports the principle of least privilege, which is at the heart of zero trust.

Beyond the Whitelist

Whitelisting applications’ capabilities, as well as an application in its entirety, means those pieces of software that users need to get their daily jobs done will continue to work safely. Preventing PowerShell from running might seem like a wise move, but once a blanket ban is in place, you can be sure that a vital script or shim for an application will stop working.

The bottom line is the auditing of everyday practice and ensuring security policies support and protect accordingly.

Watch now: Darkside Ransomware vs. BeyondTrust Privilege Management

As the instances and costs of ransomware ramp up significantly worldwide, it’s time that companies remove themselves from the “low hanging fruit” category of potential victims. An assiduous combination of whitelisted applications with carefully chosen limits placed on execution privileges is the organisation’s best solution. It combines user operability (allowing a degree of endpoint personalisation, for instance) with the outright prevention of any code that falls outside a definition of what’s normal, a definition that can be as wide or narrow as your organisation needs.

The end goal is to stop malware and ransomware from running if it’s got past all other elements of the cybersecurity stack. As any cyber professional knows, it’s a case of when, not if, and protection policies have to be mindful of that unpleasant reality.

To learn more about finding your balance between usability and 100% security and take a significant stand against the ransomware-as-a-service providers that lurk out there, get in touch with the sector’s market leaders today.

Securing Remote Workers and Vendor Access: The Perils of VPNs
https://techwireasia.com/10/2020/zero-trust-privilege-access-management-cyber-security-solutions-best-korean-translation/
Fri, 23 Oct 2020 00:44:45 +0000

Learn more about how to protect remote endpoints from attacks and malware.

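The coronavirus pandemic has set thousands of companies on a digital transformation journey. Businesses and the public sector were already struggling with remote access, BYOD, and cloud adoption. Now, the coronavirus is raising the stakes.

Remote working, or teleworking, is putting great strain on remote access systems. Most likely, you have experienced slow internet connections, crashing websites, or videoconferences that did not work properly. What is not so obvious to everyone is the risk of continuing to use VPNs (virtual private networks) for privileged remote administration, especially by vendors.

Even before the pandemic, the risks arising from third-party access had become an increasingly central cybersecurity issue. Many organizations come to rely heavily on IT service providers to help them adapt to the new normal. In addition, many service providers have had to adjust the way they operate, which can reduce the stability of vendor systems.

Amid a crisis like the present one, some companies provide employees with company computers that are closely managed and strictly controlled. But many businesses restrict employees from taking their work computers home. Some enterprises and public sector organizations cannot afford to issue additional computers to every employee outside the office. As a result, employees use their personal computers at home, which creates a huge security risk on top of the remote access risk. It does not help that many organizations connect to their networks using a mix of unsecured and outdated remote access tools.

Third-Party Risk and VPNs

The vendor, or third-party, attack vector has been well known since at least the time of the 2013 credit card data breach. That breach became notorious because the perpetrator first gained access to the network through a third-party vendor’s VPN account used for monitoring HVAC equipment in stores. Vendor access security risk has exploded since then.

The 2019 Privileged Access Threat Report reported that, on average, 182 vendors log into systems every week! According to a Ponemon Institute survey, 59% of companies suffered harm caused by third parties in 2018. Now is the time for organizations to improve their ability to manage third-party risk.

The VPN, one of the most common remote access tools, is not suited to managing privileged vendor remote administration of business systems, whether as part of a staff augmentation use case or for troubleshooting. The VPN has the following security deficiencies:

  • It creates a full tunnel, leaving core systems with no protection against a compromised edge device or account.
  • It opens large holes in the segmented network configuration.
  • It lacks PAM (privileged access management) features.

What is the solution?

As cyberattacks against remote workers increase, organizations must secure end users’ devices and prevent malware and ransomware from penetrating the corporate environment.

But service desk teams are overstretched, having to do more work with fewer resources, and they must still address the risks created by remote workers. Remote workers are more likely to self-provision tools and applications, which can inadvertently infect the network with malware or ransomware.

And the problem often comes back to a common security issue: admin rights.

Users either have no admin rights and can do nothing, or have full admin rights and far too much control.

Your employees need to connect to the systems and applications required to do their work. Your IT service desk needs to support employees in their homes around the world. Your third-party vendors and contractors need to continue performing critical tasks on your network. All of this needs to be done securely without maxing out your infrastructure and VPN. It seems difficult, but it is not.

The solution is to combine secure remote access with least privilege. This way, remote employees, support staff, and third-party vendors can connect securely to the endpoints and systems they need without using a VPN, making the workforce more productive without introducing security risks or disrupting the network.

Using this combination, employees working from home should be able to connect back to their office desktops or workstations from a modern browser, and support staff should be able to see and control remote computers and devices.

Some solutions can also access the camera of a remote employee’s mobile device to help set up hardware and peripheral devices. Every connection is centrally managed, permission-based, and recorded for security compliance.

In addition to maximizing the use of a complete secure remote access tool, enforcing least privilege helps secure endpoints by elevating privileges only at the application level and whitelisting applications to protect against malware.

Unplanned change can increase risk. There are ways to support your remote workforce and third-party vendors without compromising security.

Learn more about how to protect remote endpoints from attacks and malware. Download the quick guide, which covers enabling and securing a remote workforce.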

Securing Remote Workers and Vendor Access: The Perils of VPNs
https://techwireasia.com/10/2020/zero-trust-privilege-access-management-cyber-security-solutions-best/
Thu, 01 Oct 2020 03:25:16 +0000

Developing a new stance to cybersecurity needs a resilient PAM and a zero-trust security framework. We recommend the market-leaders for endpoint protection: BeyondTrust

The coronavirus pandemic has forced thousands of companies to make leaps in their digital transformation journey. Businesses and public sector agencies were already challenged by remote access, BYOD, and cloud adoption. Now, the coronavirus has raised the stakes.

Teleworking, or remote working, is putting great strain on remote access systems. Most likely, you’ve experienced slow connections, crashing websites, or sketchy videoconferences. What’s not so obvious to everyone are the risks of continuing to use Virtual Private Networks (VPNs) for privileged remote administration, especially by vendors.

Even before the pandemic, risks posed by third-party access had increasingly become a core cybersecurity challenge. Many organizations may rely heavily on IT service providers to help them adapt to the new normal. Additionally, many service providers had to adapt their operations, potentially making the vendor systems less secure.

Address Your Remote Access Challenges: Get the Quick Guide

Amid the crisis, some companies have provided employees with company-provisioned computers that are closely managed and locked down. But for many businesses, the ability to have employees take their work computers home was limited. Some enterprises and public sector organizations simply can’t afford the cost of additional computers for every employee outside the office. This leads to employees using their personal computers from home, which poses a huge security risk on top of the remote access risk. It certainly doesn’t help matters that many organizations use a mix of unsecured and outdated remote access tools to connect to their network.

Third-Party Risk & VPNs

The vendor or third-party attack vector has been well-understood since at least the time of Target’s 2013 credit card data breach. That breach was infamously perpetrated by an attacker who gained initial access to the network via a third-party vendor’s VPN account used for monitoring HVAC equipment in stores. Vendor access security risk has exploded since that time.

The 2019 Privileged Access Threat Report disclosed that, on average, organizations have 182 vendors logging into their systems every week! A Ponemon Institute survey revealed that 59 percent of companies experienced a breach due to third parties in 2018. Now is the time for organizations to improve their ability to manage third-party risk.

One of the most common tools for remote access — the VPN — is unfit for managing privileged vendor remote administration of business systems, whether as part of a staff augmentation use case or just for troubleshooting. Among its security deficiencies, the VPN:

  • Creates a full tunnel, potentially leaving core systems with no inherent resistance to a compromised edge device or account.
  • Punches big holes in the network segmentation model.
  • Lacks privileged access management (PAM) features.

What’s the solution?

With the increase of cyber-attacks against remote workers, organizations must secure end-users’ machines and prevent malware and ransomware from being introduced into the corporate environment.

But service desk teams are stretched thin, having to do more with less, and yet they must address the risks created by remote users. The latter are more likely to self-provision tools and applications and may inadvertently introduce malware or ransomware into the network.

And this problem often comes back to a common security headache — admin rights.

Users either have no admin rights, and can’t do anything, or have full admin rights and have too much control.

Your employees need to connect to systems and applications necessary to perform their work. Your IT service desk needs to support employees in their homes around the world. Your third-party vendors and contractors need to continue performing critical tasks on your network. And this all needs to be done securely without maxing out your infrastructure and VPN. It certainly seems too hard to achieve, but it’s not.

The solution is to combine secure remote access with least privilege. This way, you can enable your remote employees, support staff, and third-party vendors to securely connect to the endpoints and systems they need without requiring a VPN, allowing your workforce to be productive without introducing security risks or straining your network.

Using this combination, employees working from home should be able to connect back to their desktop or workstations at the office from any modern browser, and support staff can see and control remote computers and devices.

Some solutions also allow you to access a remote employee’s mobile device’s camera to assist in setting up hardware and peripheral devices. Every connection should be centrally managed, permission-based, and recorded for security compliance.

In addition to maximizing the use of a complete secure remote access tool, enforcing least privilege will help you secure endpoints by only elevating privileges at the application level and whitelisting applications to protect against malware.

Times of unplanned change can create increased risk. There are ways you can support your remote workforce and third-party vendors without compromising security.

Learn more about how to protect remote endpoints from attacks & malware. Download this quick guide: Enable & Secure Your Remote Workforce.
