WHAT IS RDP?
According to Wikipedia Remote Desktop Protocol or RDP “is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.” This method of gaining remote access to another computer can be helpful when maintained in a secure environment with security provisions in place such as a VPN, which can prevent the RDP from being publicly accessible, but it can be very costly if it is not. For example, a desktop support associate might have to gain remote access to a worker’s computer because of a computer issue. The desktop support associate can remote into the other associate’s computer with the appropriate authentication provisions to find out why they are having issues. This can cut out the limits of having to physically be at the associate’s computer to make any changes necessary to get their systems running as usual.
Let’s look at what can happen when the appropriate provisions and courses of action are not taken and a cyberattack occurs through the use of Remote Desktop Protocol and how it can put a business at risk for cyber threats like ransomware. Breaches in security through the use of RDP can come through spam email, malicious advertisements, and ransomware. These backdoor methods of gaining access to the systems of unsuspecting victims can lead to the undoing of a business. Small and Medium-sized businesses are not always able to recover from such breaches. Many times these businesses do not feel they are at risk because they are smaller. According to an article in Security Boulevard, this is not true, “Coveware’s latest set of statistics from Q3 of 2020 show that more than 70% of ransomware incidents were companies with fewer than 1,000 employees, and 60% had revenues of less than $50 million. Many businesses may not seek to protect themselves through the use of appropriate security measures such as securing networks and cyber insurance coverage because they feel that they are not targets. It has been said that it is not a matter of if a cybersecurity breach will happen but when. That is why businesses must stay vigilant when it comes to protecting themselves against potential threats. An article in Security Boulevard states that “companies with a few dozen or even a few hundred staff tend not to have dedicated IT teams implementing best practices and operating sophisticated security tools. They may only have a couple of techs, or a break-fix MSP keeping everything going, or outsource to a part-time service provider.” This is not helpful if RDP is used to penetrate a business’s system. RDP compromise has long been a way that criminals use ransomware, and it has stayed above 50% of all cases for the last 2 years.
SECURE USE OF RDP
Along with securing networks and using other appropriate security measures to prevent RDP compromise, businesses need to invest in the right VPN, firewall protection, end-point detection, and response systems. Because we are moving to an ever-increasing remote workforce, these tools are even more important. According to an article in Security, titled, Seven cybersecurity predictions for 2021, remote workers will be the focus of cybercriminals throughout 2021. They will use various avenues to engage with workers and then penetrate systems if the right remedies are not put in place. Also, VPNs alone are not always sufficient forms of protection. According to the article, “to comply with stay-at-home
orders, many organizations looked to legacy security architectures like VPNs as a silver bullet solution for remote work. However, this is not a sufficient long-term solution as VPNs introduce latency, hamper productivity, can be difficult to scale and can grant employees excessive access to internal resources. VPNs also represent significant liabilities as cybercriminals can easily exploit unpatched VPNs with ransomware.” Using other methods such as two-factor authentication, firewall protection, and end-point detection and response systems can add further layers of protection that are not as easily penetrated.
RISK TO BUSINESSES
When a business does not have the appropriate cybersecurity protections in place, out-of-pocket expenses are costly. For example, cyber insurance underwriters may not give them a quote for insurance because the right protections have not been put in place to help in the event of a ransomware attack, which can be too risky. When a business is unable to gain the appropriate cyber insurance coverage, it can leave them vulnerable to attack and cost them more in the event of an attack. Cybersecurity and cyber incident response plan need to exist in every company regardless of its size. Having the right protections in place can save a business and protect it from criminals that seek to take advantage of them.