Cyber Threats to Businesses: Securing the Remote Desktop Protocol
More and more cyber incidents are stemming from vulnerable Remote Desktop Protocol (RDP) ports, particularly as more businesses are working remotely.
Our Cyber Insurance Partner, CFC Underwriting, has provided some useful information about this technology and steps that businesses can take to protect themselves:
What is Remote Desktop Protocol (RDP)?
RDP is a proprietary Microsoft protocol that allows a user to access their desktop and computing resources remotely from another computer. It is also sometimes referred to as Terminal Services.
Why is RDP vulnerable?
Anyone scanning the internet can easily detect when RDP is exposed to it. Cyber criminals routinely attack computers and servers where RDP is accessible in order to install malware such as ransomware, or to use the computer as a staging post for other attacks.
They attack RDP in various ways, such as brute-forcing their way into the network by trying millions of different passwords that have been exposed in previous breaches, or by using compromised passwords from phishing attacks against the company.
RDP is also subject to several software vulnerabilities that, if left unpatched, can allow an attacker access into your computer network.
Suggested steps to protect your network
- CFC recommend that you turn off Remote Desktop access if it is not necessary. If necessary, secure it behind a VPN and/or multi-factor authentication. This is often best achieved by using an RDP Gateway server in conjunction with a firewall.
- Use strong, unique passwords throughout your network. The UK’s National Cyber Security Centre has excellent guidance on modern password policies available at https://www.ncsc.gov.uk/collection/passwords/updating-your-approach
- Keep your operating system updated. Several well-documented and routinely abused vulnerabilities exist in RDP, and new software vulnerabilities are found all the time, so patching them in a timely manner is vital. Where the server is running an outdated version of the Windows operating system (such as Server 2008 or Windows XP), look to upgrade the software to a more modern version currently receiving security patches.
- Limit the number of failed logon attempts before timing out to a number suitable to your organisation. This makes systems significantly more resilient against brute-force attempts to guess user passwords. You can also disable the built-in Administrator account on Windows servers and/or rename it to something else, as that is the most commonly guessed username.
Source: CFC Underwriting.
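The steps above can be checked on a single Windows machine with a short audit script. This is an added example, not code from CFC Underwriting or Real Insurance; it assumes an elevated Windows PowerShell 5.1 session on a non-domain-controller host with English-language `net accounts` output, and the `$MaxThreshold` default and the `-DisableRdp` switch are illustrative choices.

```powershell
# Added example: audits the hardening steps listed above on the local machine.
param(
    [int]$MaxThreshold = 10,   # assumed ceiling; pick a number suitable to your organisation
    [switch]$DisableRdp        # pass only if Remote Desktop access is not necessary
)

$tsKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'

# Step 1: is Remote Desktop turned on? fDenyTSConnections = 0 means connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# Step 4: failed-logon lockout threshold, read from "net accounts".
$line = net accounts | Where-Object { $_ -match '^Lockout threshold' }
$raw = ($line -split ':')[1].Trim()
$threshold = if ($raw -eq 'Never') { 0 } else { [int]$raw }   # 0 = accounts never lock out

# Step 4: the built-in Administrator always has RID 500, even after a rename.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.*-500$' }

# Step 3: operating system version and the most recently installed update.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$lastFix = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

[pscustomobject]@{
    RdpEnabled          = $rdpEnabled
    LockoutThreshold    = $threshold
    LockoutConfigured   = ($threshold -gt 0 -and $threshold -le $MaxThreshold)
    BuiltinAdminName    = $admin.Name
    BuiltinAdminEnabled = $admin.Enabled
    OperatingSystem     = "$($os.Caption) ($($os.Version))"
    LastUpdateInstalled = $lastFix.InstalledOn
} | Format-List

# Optional remediation for step 1: turn RDP off and close its firewall rules.
if ($DisableRdp -and $rdpEnabled) {
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Output 'Remote Desktop disabled and firewall rules closed.'
}

# Remediation for step 4, left commented so nothing changes by accident:
#   net accounts /lockoutthreshold:$MaxThreshold
#   Disable-LocalUser -SID $admin.SID
#   Rename-LocalUser  -SID $admin.SID -NewName '<new-name>'   # placeholder name
```

The script only inspects local settings; whether RDP is reachable from the internet still depends on the firewall, VPN or RDP Gateway in front of the machine.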
Cyber risks are an exposure that almost no business can escape
Real Insurance are advising all businesses to ensure they have robust cyber insurance cover in place, given the increased number of attacks and the current climate.
Cyber attacks have evolved and become more frequent. Did you know 46% of SMEs suffered at least 1 cyber attack or breach, according to the latest DCMS Cyber Security Breaches Survey? The nature of cyber attacks has also changed. Since 2017, there has been a rise in businesses experiencing phishing attacks (from 72% to 86%), and a fall in viruses or other malware (from 33% to 16%).
Click here to read the full report: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/893399/Cyber_Security_Breaches_Survey_2020_Statistical_Release_180620.pdf
If your business doesn’t have cyber insurance then you are potentially exposed to huge financial losses that can be incurred when your IT system comes under attack. This can lead to costs from handling a data breach, lost revenue, a damaged reputation, legal and regulatory costs, not to mention the disruption to your business.
For more information about the different cyber insurance covers available please click here
Contact a Real Insurance specialist on 0330 058 0260 who can provide a tailored quotation specific to the needs of your business.