Threat actors can easily target organisations through Remote Desktop Protocol (RDP), which is why partners should consider the super-safe remote access solution from RealVNC.
Externally exposed, insecure RDP remains alive and well out there, despite partners’ best efforts so far in educating the market, as noted by the RealVNC blog.
To make things worse, many organisations still aren’t standardised on multi-factor authentication (MFA) and do little monitoring, even of older host operating systems that are often still hiding away in a corner somewhere.
That’s largely why RDP misuse still features in current cyberattack reports covering ransomware and the like. In 2018, RDP was listed as a leading attack vector, and today it might be behind phishing but still ahead of vulnerabilities when it comes to these risks.
In a 2023 Active Adversary Report for Tech Leaders from Sophos, for instance, RDP played a role in as many as 95 in every 100 cyberattacks, up from 88% in 2022. And a three-year GoSecure honeypot study of 20,000 RDP sessions collected some 190 million separate threat actions.
RDP is not only a way into the company network; it can also help cybercriminals move around the network once they’ve successfully compromised it.
It’s time to move customers away from RDP
Luckily, more secure routes to remote access are available, delivering additional control. With RealVNC Connect, you get secure remote access with MFA.
And you can deliver granular control, restricting utilisation of remote sessions to specific machines. That is in contrast to RDP, which allows anyone to use any other machine they have local log-on rights for.
At the same time, leveraging the principle of least privilege, with RealVNC, organisations can apply a specified level of privilege to any given remote-access session.
Every remote control session must first be authenticated
For example, with device access, all connecting users must authenticate to VNC Server, the app that’s installed as part of VNC Connect on every remote endpoint, and for which MFA is also recommended.
For on-demand assist, an end user must enter a nine-digit code that’s also unique to the session, received from their support technician, out-of-band.
In addition, every remote connection on a VNC Connect subscription is end-to-end encrypted using 128-bit AES, 2048-bit RSA keys and perfect forward secrecy, with optional 256-bit AES if desired via the ‘AlwaysMaximum’ Encryption setting in VNC Viewer, under File > Preferences > Expert.
Even more security is available via a RealVNC Business Premium or Enterprise subscription. For example, with an Enterprise subscription, you can ensure that absolutely no data is ever stored by RealVNC in the cloud.