Tips to Mitigate Unauthorized Remote Access from Malicious Foreign Actors

Written by Chip Bell on March 22, 2021


Cybercrime is a global threat to countries, companies, and individuals. Nation-state and non-nation-state actors are looking for ways to profit from security breaches and to collect data through them. In the most severe cases, these may be offensive attacks intended to directly damage their target, including loss of life, the undermining of core institutions, and the incitement of civil unrest. Security breaches can also, more simply, lead to the loss of customer trust and money. If customers’ finances are affected and/or their data stolen, how can they trust the company moving forward?

This article will explore the growing threat of cybercrime, which nation states and non-nation state actors may pose as threats, preventive actions recommended by industry experts, and how to maintain customer trust if a company is breached.

What Are The Threats?

Cybercrime is forecast to keep increasing because it has proven lucrative for illegal actors: Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025.

While cyberattacks can come from anywhere, the United States has identified a few countries that pose the greatest risk. According to the CIA, China and Russia pose the biggest espionage and cyber threats to the US. Former Director of National Intelligence Dan Coats stated that “China, Russia, Iran, and North Korea increasingly use cyber operations to threaten both minds and machines in an expanding number of ways – to steal information, to influence our citizens, or to disrupt critical infrastructure.”

The Department of Homeland Security (DHS) has also identified a list of nation-state and non-nation-state actors that are possible threats. The DHS created a framework called The Grand Cyber Arms Bazaar Framework to better understand who the established, emerging, and opportunistic actors are. Each actor is mapped to the operation’s intended goal: is the goal to profit from the crime, data collection/espionage, or an offensive attack?

[Figure: Defines each section of the framework; Commodification of Cyber Capabilities: A Grand Cyber Arms Bazaar, 2019 Public-Private Analytics Exchange Program]
[Figure: Shows the type of attack by country and organization; Commodification of Cyber Capabilities: A Grand Cyber Arms Bazaar, 2019 Public-Private Analytics Exchange Program]

Securing one’s company against cyber threats is a never-ending game of cat and mouse. Companies constantly pursue a state of complete protection against threats, but this is not feasible. IT and security professionals always have to stay up to date on the latest trends, evaluate new solutions in response to those trends, and constantly monitor access points to validate their security.

Recommendations to Reduce Incidence of Cyber Attacks

The Center for Internet Security and Verizon have recommended that companies take certain actions to minimize cyber threats. These recommendations include:

  • Secure Configuration: Ensure and verify that systems are configured with only the services and access needed to achieve their function.
  • Email and Web Browser Protection: Since browsers and email clients are the main way that users interact with the Wild West that we call the internet, it is critical to lock these down to give users a fighting chance.
  • Boundary Defense: Not just firewalls. Given that the world has shifted to remote work, this control includes network monitoring, proxies, and multi-factor authentication (MFA).
  • Data Protection: Controls in this list include maintaining an inventory of sensitive information, encrypting sensitive data, and limiting access to authorized cloud and email providers.
  • Account Monitoring: Locking down user accounts across the organization is key to keeping bad guys from using stolen credentials, especially through practices like multi-factor authentication.
  • Implement a Security Awareness and Training Program: Educate users on both malicious attacks and accidental breaches.

In fact, for most organizations, just focusing on a well thought out list of foundational security practices can dramatically lower the risk of a breach.

JumpCloud’s Recommendations

To protect users from nation-state and non-nation-state attacks, we recommend that companies institute a Zero Trust security model.

Zero Trust security embodies the “trust nothing, verify everything” principle. This is vital with employees working from home, as admins and security professionals cannot take the risk of allowing employees to access company resources from unsecured networks and unmanaged devices. Zero Trust implements controls to ensure users work only on trusted devices and networks, requires multi-factor authentication (MFA) where necessary, and adheres to least-privilege access principles.

JumpCloud’s Directory Platform is rooted in Zero Trust. We enable secure access to user devices, servers, networks, apps, and files regardless of location. To minimize threats from specific countries, JumpCloud recommends using our location (geofencing) policy. 

Geofencing

With JumpCloud’s Geofencing policy, admins can enable companies to enhance their security posture through advanced conditional access rules that can restrict access to the User Portal, the gateway to a user’s core applications, from specific countries. 

Prior to this feature, admins could only block countries by IP address within the JumpCloud Admin Portal. An admin would have to go into Conditional Lists to add the addresses, and from there go to Conditional Access Policies and create a policy to block or accept access from the stated IP addresses. For example, if an admin wanted to block access attempts from Germany, they would have to add 133,355,121 IP addresses (according to IP2Location) to their Conditional Lists.

With location based policies admins can now block Germany (or any country from which they wish to prevent access) in just a few clicks. They can now exclude any country by adding a Location Condition and selecting the appropriate country or group of countries from the list within Conditional Access Policies.

JumpCloud’s location-based policies do not directly protect against spoofing (the country is derived from the source IP, which a VPN or proxy can change), but admins can add country-specific conditions on top of existing policies; for example:

Block Access from Germany to the User Portal if: 

  • an authentication request is being attempted from an unknown IP address or range, or, 
  • from a device unknown to JumpCloud 

Layering location-based conditions on top of existing policies increases an admin’s control over access to the User Portal. With Geofencing or any Conditional Access Policy, we also advise that MFA be an additional requirement to log in.

With JumpCloud’s Directory Insights, admins will now be able to monitor their location policies. Directory Insights aggregates event logs across user activity and virtually every IT resource, and surfaces them in a standardized format with instantly actionable data. An admin can use Directory Insights to see if their location policy was applied during user authentication.
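The layered rule above (block from Germany only when the request also comes from an unknown IP range or an unknown device, with MFA always required) and the audit record an admin would check afterwards, as an added illustration that is not JumpCloud’s own policy engine or API. The network ranges, device IDs, and the pre-resolved country code are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (hypothetical): a known corporate egress range and enrolled devices.
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
KNOWN_DEVICES = {"dev-1234", "dev-5678"}


@dataclass
class AuthRequest:
    user: str
    country: str     # ISO country code; assumed already resolved from the source IP by geo-IP
    ip: str
    device_id: str
    mfa_passed: bool


def evaluate(req: AuthRequest, blocked_countries=("DE",)) -> dict:
    """Decide a User Portal login and return an audit record an admin can review.

    The location condition only fires for a listed country AND an unknown IP or device,
    so a known device on a known network from that country is still allowed. Because the
    country comes from geo-IP (spoofable via VPN/proxy), MFA is required in every case.
    """
    ip = ipaddress.ip_address(req.ip)
    ip_known = any(ip in net for net in KNOWN_NETWORKS)
    device_known = req.device_id in KNOWN_DEVICES
    location_hit = req.country in blocked_countries and not (ip_known and device_known)

    if location_hit:
        decision, reason = "deny", "location condition: unknown IP or device from blocked country"
    elif not req.mfa_passed:
        decision, reason = "deny", "mfa required"
    else:
        decision, reason = "allow", "all conditions satisfied"

    # Record shaped like a directory event log line so the policy outcome is observable.
    return {
        "user": req.user,
        "country": req.country,
        "ip_known": ip_known,
        "device_known": device_known,
        "location_policy_applied": location_hit,
        "decision": decision,
        "reason": reason,
    }


if __name__ == "__main__":
    print(evaluate(AuthRequest("alice", "DE", "198.51.100.7", "dev-1234", True)))
```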

Security Breach and Customer Communication

A company may have put in every measure recommended by the Center for Internet Security and Verizon to protect themselves and their customers’ data, but a breach could still happen. This may seem like a problem for IT, but it is one the business as a whole needs to address. A company’s reputation can be tarnished in the eyes of customers, but they are more likely to retain customer trust if they proactively communicate the breach and describe clearly how they intend to add the appropriate measures to prevent this type of situation in the future. 

It is essential that a breached organization not hide this information from customers, as it can eventually come out; it is better if a customer hears the news from the company in a timely manner, than from the news or other source.

Evaluate JumpCloud Free Today

If you’re new to JumpCloud and interested in learning more about the platform and how to achieve stronger security practices, evaluate JumpCloud today! JumpCloud Free grants admins 10 devices and 10 users free to help evaluate or use the entirety of the product. Once you’ve created your JumpCloud account, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.
