A month into 2019, it feels like the calm before the storm. There's been a lull in data breaches, and not many major headlines so far... but experts keep warning that the cyber threat landscape has never been more treacherous. Attacks are increasingly sophisticated and the skill gap is widening, even as 89% of IT leaders expect budgets to grow or stay steady, according to Spiceworks.
How bad will it get? Security experts are bracing themselves for data breaches that will have a financial impact in the trillions of dollars in 2019.
In the midst of this, remote connection is playing a more important role. Whether an IT help desk is supporting a remote workforce, or a retailer wants to allow third-party technicians to remotely fix PoS machines, or a manufacturer needs to diagnose a robot in a factory halfway around the world, the goal is the same: remotely access a machine quickly, without compromising security.
Here are the 8 trends that will shape the world of secure remote access in 2019.
1. Decentralization will continue to define the workplace
Each year, remote work trends up. Some 50% of American employees work remotely now, according to Forbes, which means more vulnerabilities as workers access business applications from home or public WiFi.
Here's the big picture: Last year, employees completed half a billion authentications per month, using 10.7 million devices to log into 800,000 enterprise apps and services, according to the latest Duo Trusted Access Report.
Most companies haven't figured out how to handle this. When SMBs allow remote work, for example, 38% of those employees don't have the technical support they need.
As this trend continues, it's going to get harder to protect core business networks and keep workers productive.
Implementing remote support
Employees need tech support when working away from the office. That means IT teams have to be able to remotely fix machines, push patches and security updates, resolve issues, answer questions, and keep those remote teams happily productive — across timezones and continents.
Companies that can't do this will find their IT personnel spread too thin, and their networks left open to threats.
Just as importantly, employees may need to remotely monitor, manage and support production equipment and IoT devices. If a technician is working from home and needs to access a server or machine, for example, it's important to keep that connection airtight to prevent intrusions.
- Set robust remote work policies and invest in training
- Make sure remote connections are encrypted end to end
- Use multi-factor authentication whenever you can
- Integrate remote access software with your AD (or via LDAP) to simplify user management
2. Cybercrime is only beginning to rise
Within two years, cybercrime damages are predicted to hit $6 trillion. You read that right.
It's impossible to overstate how important it is to prepare your business for a variety of attacks. Data breaches are becoming almost routine, with PoS attacks remaining a top vulnerability in retail and hospitality. While 2018 saw a surge in cryptomining, 2019 will bring a new set of vulnerabilities including hardware flaws and insecure biometrics.
Of course, large corporations are often the most attractive targets. But if an SMB is attacked, the damage could be enough to obliterate it. Poneman's Cost of a Data Breach study found that the global average cost of a data breach was $3.86 million last year.
It should surprise nobody that security concerns were the second most important reason for increasing IT budgets in 2019.
- Plan for intrusion detection and mitigation, not just prevention
- Lock down connections to common threat vectors such as PoS and IoT machines
- Set rules for logging and auditing, including session recording as needed
3. IoT devices are among the most vulnerable
With the proliferation of connected devices in retail, manufacturing and finance, hostile actors have a lot of options for gaining a foothold within business networks.
The next wave of ransomware, malware, botnets and related threats will have more advanced goals in 2019: exfiltrate data, surveil, and disrupt real-world operations. It's critical to protect the connections between IoT devices and core business networks.
- Ensure good network segmentation
- Centralize security protocols around remote monitoring and management
- Implement activity and event logging systems on connected devices
4. Remote monitoring and management is surging
In manufacturing, RMM (remote monitoring and management) has become much more pragmatic in recent years. Industrial control systems and connected devices have become cost-effective and simple to manage. With the right toolset, this will be standard very soon.
"A few years ago connecting machines was, for many companies, unaffordable. Today, remote management is increasingly becoming the norm." — Manufacturing Global
When businesses remotely manage machines, they see notable benefits in efficiency, staffing, overhead, and reduced downtime.
However, this trend exposes organizations to threats of remote attacks and sabotage. There are more points of vulnerability in an IoT ecosystem, especially for businesses that are globally dispersed.
IT teams need to carefully manage authentication, authorization and logging to maintain control.
- Use a remote management solution that can handle multiple platforms within a centralized view
- Limit outside access to VPN and WAN — use role-based and risk-based authentication
- For attended devices, enforce user approval before remote session initiation
- Use granular authorization and access rules, including white listing application access for remote users
5. Supply chain attacks will make an impact
As several organizations found out last year, threats can have an impact up and down the supply chain.
Your vendors, partners, service providers, and any third party can become a weak point if they're targeted. An attack on one part of the supply chain can result in widespread havoc that disrupts all the companies downstream.
Retail will continue to be vulnerable to data breaches, with Trustwave reporting that breaches through service providers increased by 10 percent in the past year.
- Audit your partners and service providers for security best practices and compliance
- Permit remote access using the most stringent, granular security controls including white listing application access, and group-based, IP-based or time-of-day-based authorization
6. Maintaining business operations matters more
Uptime matters more than ever.
Every second of machine downtime results in lost productivity and dollars down the drain. From an IT standpoint, disaster recovery gets a lot of attention... but preventive and predictive maintenance play an important role too. On top of that, when a company can minimize issue resolution times and efficiently handle service requests, that keeps the team more productive and responsive across the board.
This is where remote support is especially helpful. It enables companies to scale expertise with a relatively small team. For example, a specialist within a centralized IT team can remotely connect to an ATM, an IoT machine, PoS device or scanner to run diagnostics from afar, rather than having to service the machine in person. That team's expertise can be anywhere on the planet instantly, without needing technicians to be on site.
With an advanced remote access tool, an engineer can often fix an issue behind the scenes without disrupting the ongoing work at that location.
Productivity, efficiency, security, and flexibility are key to running a modern business, and remote access plays an important role in facilitating those goals.
- Consolidate support tools for vendors and MSPs
- Use fast remote connections to scale expertise, but never compromise on security to do it
- You can't afford to have vendors, third parties and in-house experts stumble over disparate systems to try to bring business-critical machines and applications back online
7. Compliance is now essential
Regulatory rules aren't getting any simpler, or any less important. In 2019, complete compliance isn't a "nice-to-have." It's essential to keep your business in line with GDPR, PCI-DSS and other frameworks. GDPR complaints have already started surging in the past month.
Many compliance guidelines are designed to protect businesses from threats that could impact customers, end users and shareholders, which adds an extra incentive to meeting mandates.
How does this impact remote access? Companies that can log events / activity in a remote access session are better prepared to show auditors and regulatory agencies that they have taken the proper steps to ensure compliance — reducing penalties and protecting the company's reputation.
- Set security-centric policies for remote access and remote desktop control
- Ensure audit logging best practices are followed
8. Consolidation brings efficiency
As business operations grow, there's been an explosion of shadow IT, cloud sprawl, big data, a growing security perimeter, and countless new vulnerabilities.
It's becoming impossible to track and manage the influx of data and events without AI — which is still years away from solving these problems. For now, the challenges are leading to inefficiencies, broader attack surfaces, and lack of control.
That's why IT leaders need centralized, consolidated tools and solutions that allow visibility and control from a single point. It's untenable to switch between solutions to solve different variations of the same problem.
- Use a cross-platform remote access tool that can support everything from Windows PCs and Macs to Linux and mobile devices
- Customization and flexibility are essential
Netop offers modern remote control solutions that allow your team to connect securely and efficiently to any device, from anywhere. Let's talk about how we can help.
Grady Locklear is the Content Marketing Manager at Netop