These Five Technologies Increase The Risk of Cyber Claims

January 29, 2026

Cybercriminals are opportunists. Many of them are not looking for the most complicated or valuable target; they just want an easy way into an organization’s system—and exposed and unprotected internet-facing technologies offer just that.

Many of the riskiest technologies have valid business functions. Some provide a way for authorized external users to access internal systems, while others are meant to increase security or help manage organizational resources. But because they’re so visible on the public-facing internet, they’re also visible to cybercriminals looking to exploit them.

With the new year now under way, it’s the perfect opportunity for businesses to refresh their knowledge and get a jump start on improving their cyber posture. A great start would be to consider five technologies that increase an organization’s likelihood of experiencing a cyber claim—and what remedies are available.

1. VPN Login Panels

In many ways, virtual private networks, or VPNs, are a good thing—they create a secure, encrypted connection between a device and a business’ internal network, enabling employees to work remotely and still access necessary internal systems. SSL VPNs have become increasingly popular in recent years due to their user- and administrator-friendly features and configuration, but their track record, from a security standpoint, is abysmal. Even with multi-factor authentication enforced, vulnerabilities have been discovered time and again across nearly every vendor of SSL VPN solutions, requiring diligent tracking of firmware updates and rapid patching when threat actors begin exploiting those vulnerabilities.

With exposed VPN login panels, businesses are three to four times more likely to experience a cyber incident. And, if an attacker gets in, either through credential stuffing, phishing attacks, or exploitation of a vulnerability, they gain unrestricted access to a business’ internal systems. Critical vulnerabilities further magnify this risk, as most major VPN vendors have disclosed flaws that allow attackers to steal session tokens or bypass authentication entirely.

While MFA can help prevent stolen credentials from being the only thing attackers need to access a VPN, ensuring VPNs are updated and patched promptly is critical to reduce the likelihood of an attack. Organizations should also aim to limit a VPN’s web exposure by ensuring that administrative panels are not publicly accessible. By doing so, organizations can reduce the number of potential entry points attackers can pursue.

More than all these steps, however, the best advice is to seriously consider migrating from SSL VPN to a Zero Trust Network Architecture solution. There are no silver bullets in security, but the segmentation and access control offered by ZTNA is an enormous step up in security posture from SSL VPNs.

2. Remote desktop applications

Many businesses use remote desktop applications to allow authorized external users, such as remote employees or IT contractors, to access internal computers or organizational files. While it may sound quite useful and harmless, businesses with exposed remote desktop applications are three to eight times more likely to experience a cyber incident.

These applications create a direct pathway into businesses’ IT environments, and once attackers are inside, they can deploy ransomware, steal data, or move laterally across the network. In the end, the risk of exposing sensitive technologies directly to the internet without adequate safeguards outweighs the convenience of remote access. The potential cost savings simply aren’t worth it, and it significantly increases an organization’s cyber risk.

Luckily, there are steps organizations can take to reduce their exposure, including putting the application behind a ZTNA solution or VPN, enabling MFA and using a reputable managed detection and response (MDR) solution.

3. On-premises Exchange web logins

Microsoft Exchange is the most popular email service on the market, enabling companies and employees to manage email, calendars and other resources remotely. Because it can be configured so it’s accessible via any browser, it’s convenient for staff working outside the office.

But it also provides an easy entry point for attackers who regularly scan the internet for exposed login portals. Once attackers identify these exposures, they launch password-spraying, brute-force, and credential-stuffing attacks—all designed to pick at the entry point relentlessly until they get in.

Smaller organizations often host Exchange on-premises due to existing infrastructure investments or a desire for customization. But they may not take the necessary steps to ensure a secure configuration. Given that on-premises Exchange servers have been among the most heavily targeted technologies in recent years, this creates a serious exposure for businesses: they are four times more likely to experience a cyber incident and a potential claim. When Exchange is outdated or a critical vulnerability—which is extremely common—remains unpatched, it makes businesses even more likely to fall victim to a security compromise.

A solution to this exposure is upgrading to a secure cloud or hosted email product. By transitioning to Microsoft 365 or another managed email platform, businesses can reduce their exposure as the services are continuously updated, monitored, and patched against the latest threats. Using firewalls or filtered access can also mitigate some exposure because they may restrict login access to trusted IP ranges or locations, reducing the risk of brute-force and credential-stuffing attacks. But moving away from on-premises email is a quick way to dramatically improve your security posture.
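For teams that still run an exposed web login, the attack patterns named above can be told apart in authentication logs by counting failures per source. The following is an added example, not part of the original article; the log layout, the thresholds, and the trusted range are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration: office range (a documentation prefix) and thresholds.
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]
SPRAY_USERS = 4     # distinct accounts failing from one source
BRUTE_ATTEMPTS = 4  # failures against one account from one source
# Constructed sample, simplified "time source user result" layout (not a real Exchange/IIS format).
SAMPLE_LOG = """\
2026-01-29T09:00:01Z 198.51.100.7 alice FAIL
2026-01-29T09:00:03Z 198.51.100.7 bob FAIL
2026-01-29T09:00:05Z 198.51.100.7 carol FAIL
2026-01-29T09:00:07Z 198.51.100.7 dave FAIL
2026-01-29T09:00:09Z 198.51.100.7 erin OK
2026-01-29T09:01:00Z 192.0.2.44 admin FAIL
2026-01-29T09:01:01Z 192.0.2.44 admin FAIL
2026-01-29T09:01:02Z 192.0.2.44 admin FAIL
2026-01-29T09:01:03Z 192.0.2.44 admin FAIL
2026-01-29T09:02:00Z 203.0.113.10 alice FAIL
2026-01-29T09:02:20Z 203.0.113.10 alice OK
"""

def classify_sources(log_text, trusted=TRUSTED):
    """Return {source_ip: finding} for sources whose failures match a pattern."""
    fails = defaultdict(lambda: defaultdict(int))  # source -> user -> failures
    logins = defaultdict(set)                      # source -> users who got in
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, src, user, result = parts
        if result == "FAIL":
            fails[src][user.lower()] += 1
        elif result == "OK":
            logins[src].add(user.lower())
    findings = {}
    for src, per_user in fails.items():
        if len(per_user) >= SPRAY_USERS:
            pattern = "spray_or_stuffing"  # many accounts, few tries each
        elif max(per_user.values()) >= BRUTE_ATTEMPTS:
            pattern = "brute_force"        # one account, many tries
        else:
            continue  # e.g. a single mistyped password
        findings[src] = {
            "pattern": pattern,
            "outside_trusted_ranges": not any(ipaddress.ip_address(src) in n for n in trusted),
            "successful_logins": sorted(logins[src]),
        }
    return findings
```

A successful login from a flagged source (here `erin`) is the account to investigate first, and `outside_trusted_ranges` shows which of these sources a trusted-range restriction on the login page would have turned away.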

4. Stolen Credentials

The internet data that infostealers target is a key exposure for businesses. Infostealers are a type of malware that infiltrates browsers to steal usernames and passwords as individuals enter them into different websites and applications. Identity is becoming an increasingly large target for threat actors as it unlocks access to so many critical services.

Because there’s been a steady stream of data breaches over the past two decades, an online black market dedicated to buying and selling stolen information has thrived. So, even if an organization has managed to detect and expel an attacker, it’s possible they’ve taken employee credentials and sold them to others to exploit. Organizations whose employees’ credentials have been stolen are four times more likely to experience a cyber claim.

The risk of stolen credentials can be mitigated by enforcing MFA and implementing security awareness programs for employees, which can help create a security-minded company culture. Investigating potential infections and credential reuse are also important steps a company can take to protect itself.

5. Remote Shell Programs

Remote shells allow IT administrators to execute commands on systems across a business network. Think of them as a master key that unlocks direct access to internal functions, allowing users to leverage them to configure and modify anything in the system. While this means administrators can remotely manage servers, deploy updates, and troubleshoot problems, if that access falls into the wrong hands, it could spell disaster for an organization.

The risk of a cyber claim varies based on the type of shell program an organization uses, but it’s safe to say that those who expose these applications to the internet are significantly more likely to experience a claim. They’re a prime target for attackers because they offer deep administrative access to business systems. Once inside, attackers can issue commands, install malware, extract data, and even disable security tools.

As a general rule, these technologies simply should not be directly exposed to the public internet. Moving them behind a ZTNA solution or VPN dramatically reduces a company’s attack surface and makes it far more difficult for an adversary to even know the remote shell exists, let alone attempt to access and exploit it.

Turning Awareness into Action

Sensitive technologies are increasingly exposed to the internet, making them easy targets for cybercriminals. Small and midsize businesses are particularly vulnerable because they often lack deep cybersecurity expertise, operate with limited IT budgets, and face overwhelming amounts of information. Attackers recognize and exploit these resource and knowledge gaps to their advantage.

For the past few years, the perception has been that organizations aren’t aware of their exposure to cyber threats, but research reveals that business leaders know attacks are increasing. They do, however, struggle to make informed decisions about where and how to invest their time and money thoughtfully.

That’s why brokers and risk management professionals are essential. By offering clear guidance that cuts through the noise and helping to pair organizations with mitigation-focused cyber insurance coverage, they can help businesses move from awareness of these risks to concrete action to proactively mitigate them.

Toomey is vice president of underwriting security at Coalition.