Organizations overwhelmed by numerous and insecure remote access tools

Organizations are combating excessive remote access demands with an equally excessive number of tools that provide varying degrees of security, according to Claroty.

Data from more than 50,000 remote-access-enabled devices showed that the volume of remote access tools deployed is excessive, with 55% of organizations having four or more and 33% having six or more. Worse, almost 22% have eight or more, with some managing as many as 15 or 16 remote access tools.

Remote work surge creates new security and management issues

Team82’s research also found that 79% of organizations have more than two non-enterprise-grade tools installed on OT network devices. These tools lack basic privileged access management capabilities such as session recording, auditing, role-based access controls, and even basic security features such as multi-factor authentication (MFA). The consequence of utilizing these types of tools is increased, high-risk exposures and additional operational costs from managing a multitude of solutions.

Others, meanwhile, have been involved in high-profile breaches. TeamViewer, for example, recently disclosed an intrusion, allegedly by a Russian APT threat actor group. Known as APT29 and CozyBear, the group accessed TeamViewer’s corporate IT environment using stolen employee credentials.

AnyDesk, another remote desktop maintenance solution, reported a breach in early 2024 that compromised its production systems. As a precaution, AnyDesk revoked all user passwords and code-signing certificates, which are used to sign updates and executables sent to users’ machines.

“Since the onset of the pandemic, organizations have been increasingly turning to remote access solutions to more efficiently manage their employees and third-party vendors, but while remote access is a necessity of this new reality, it has simultaneously created a security and operational dilemma,” said Tal Laufer, VP Products, Secure Access at Claroty.

“While it makes sense for an organization to have remote access tools for IT services and for OT remote access, it does not justify the tool sprawl inside the sensitive OT network that we have identified in our study, which leads to increased risk and operational complexity,” added Laufer.

The security implications of IT remote access in industrial environments

While many of the remote access solutions found in OT networks may be used for IT-specific purposes, their existence within industrial environments can potentially create critical exposure and compounding security concerns that include:

Lack of visibility: In cases where third-party vendors connect to the OT environment using their own remote access solutions, OT network administrators and security personnel who are not centrally managing these solutions have little to no visibility into the associated activity.

Increased attack surface: More external connections into the network via remote access tools mean more potential attack vectors through which substandard security practices or leaked credentials can be used to penetrate the network.

Complex identity management: Multiple remote access solutions require a more concentrated effort to create consistent administration and governance policies surrounding who has access to the network, to what, and for how long. This increased complexity can create blind spots in access rights management.

According to Gartner, security and risk management (SRM) leaders should, “perform a full inventory of all remote connections across the entire organization, as shadow remote access likely exists throughout operational networks, particularly at field sites,” and “remove older remote access solutions when deploying newer CPS secure remote access solutions. Organizations commonly deploy new solutions without focusing on what is left behind, and with the number of exploited VPN vulnerabilities growing, this could be a significant blind spot.”