Remote access challenges and news of hacks have been in the news since Work From Anywhere became urgent over a year ago. It started almost immediately with rumblings about VPNs followed quickly with concerns about remote desktop protocol or RDP. The frustration was understandable, VPNs have been around a long time with a notoriously unpleasant user and IT experience. The social media hashtag #KilltheVPN was born out of this frustration. More important than the bad user experience are the insecurities and vulnerabilities found in VPNs which add to organizational risk, especially when their use is “turned up to 11”. RDP itself has been used for years as a remote access solution; accessed via a VPN, internet facing portal, or over the internal network. The pandemic rush to work from home sent thousands of RDP users and RDP enabled machines outside the classic network perimeter.
By May 2021, after the Pulse Secure VPN products were exploited, the Cybersecurity & Infrastructure Security Agency (CISA) issued the directive that this exploit posed an unacceptable risk to civilian agencies. CISA and the FBI issued a joint statement on yet another remote access challenge related to the DarkSide Ransomware that took down the Colonial Pipeline. They urged critical infrastructure operators to “adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory.”