It was summer in Ohio along the banks of Erie Canal that I caught my first fish. I was using a traditional fishing rod my uncle had modified to act as a simple cane pole since I couldn’t cast properly; we got lucky that day — turns out we had picked a spot in a school of Perch. I must have caught twenty fish in an afternoon.

Thirty years later, fishing means something entirely different to me. As a cyber-security expert and in the context of my profession, fishing is the process by which a person, for lack of a better term we’ll refer to as the “bad guy,” uses email to compromise a user’s system. This is typically done by either capturing their login credentials directly or installing malware on their system. The malware is used to capture credentials to privileged systems.

An example of this type of attack was widely covered in the news recently. You may remember hearing about the Target data breach, in which the bad guys learned about Target’s network and vendor portal through dedicated intelligence. They waited until they were able to successfully compromise one of Target’s vendors. In this case, it was a HVAC company that managed the air conditioning and heating for the stores.

While Target is the most famous public breach, they’re certainly not alone. It’s been reported that breaches are so common now that personal identifiable information (PII) is worthless on the black market because there’s simply too much supply for the demand.

This doesn’t mean the bad guys have stopped their attacks. In fact, the nature of the attacks are evolving and are focusing more on ransomware, intellectual property theft, and traditional fraud. One constant is that the most vulnerable point in a network perimeter is the Virtual Private Network (VPN) service that allows remote access.

We all know the modern workforce requires remote access; traveling salespeople need to check email, update the CRM and track orders, organizations now offer a telecommuting policy, and if systems crash in the middle of the night, you don’t want your System Admins to have to drive back into the office to fix the problem.

Traditionally, the way organizations have provided remote access has been through a VPN solution, but these can be problematic. Namely, they’re expensive to install, require experts to configure, and are often dependent on specific expensive client software that can often lead to increased helpdesk calls. Forcing employees to become VPN client software maintainers equates to opening a can of worms. Other issues exist like the super-bug that hit a popular VPN provider a few years ago, where an attacker’s success can be deadly to an organization.

VPNs typically work by installing a remote device onto the network, just as if they were a desktop on a person’s desk in the physical building. This was a remarkable achievement in the early 2000s when telecommuting took off, but in 2018 it’s a recipe for a disaster. In short, VPN systems are expensive, hard to maintain, and allow attackers to bypass the firewalls to go after the real prizes — the internal databases and local file systems.

This is why IT administrators are evaluating a better way to deploy remote access solutions. A recommended approach includes achieving a strong security posture by leveraging ICSynergy’s SPGateway.

The SPGateway enables secure remote access without the problems of a VPN by:

• Only allowing authenticated requests
• Actively performing session integrity checks
• Storing zero data on the SPGateway
• Sharing zero session data between SPGateway nodes

The SPGateway can also be paired with an identity provider to enforce strong authentication, including:

• Complex password requirements
• Multi-factor authentication including hardware tokens
• Only allow trusted devices

If you’d like to hear more about how our product works to effectively eliminate phishing, how easy it is to deploy, or learn more about its connectivity capabilities, give us a shout.