News

A recent report by Zscaler reveals that organizations are deeply concerned about network security risks associated with VPNs. The report emphasizes the importance of reevaluating security strategies and transitioning to a zero-trust architecture to combat the growing threat of cybercriminals exploiting VPN vulnerabilities.

The report highlights that 92% of survey respondents recognize the significance of adopting a zero-trust architecture. However, it is alarming to discover that many organizations still rely on VPNs for remote employee and third-party access, unintentionally creating an attractive attack surface for threat actors.

Deepen Desai, Global CISO and Head of Security Research at Zscaler, adds that legacy firewall and VPN vendors are marketing virtual VPNs in the cloud as zero-trust solutions. Customers must ask the right questions to avoid being misled by these virtualized legacy offerings. To protect against evolving ransomware attacks, organizations should eliminate the use of VPNs, prioritize user-to-app segmentation, and implement an in-line contextual data loss prevention engine with full TLS inspection.

The usage of unsafe VPNs presents significant security risks, with 88% of organizations expressing deep concerns about potential breaches. Phishing attacks (49%) and ransomware attacks (40%) are the primary concerns arising from regular VPN usage. Alarmingly, almost half of the organizations have experienced targeted cyber attacks exploiting VPN vulnerabilities, such as outdated protocols or data leaks, with one in five organizations falling victim to an attack in the past year. Ransomware attacks through VPNs have affected 33% of organizations in the last year.

Research shows that despite diligent security measures, 90% of organizations worry about third-party vendors being exploited by attackers to gain unauthorized access to their networks. External users like contractors and vendors pose risks due to varying security standards, limited visibility into their network security practices, and difficulties in managing third-party access. Legacy networking and security architectures typically grant users direct access to the network, relying on the trustworthiness of user credentials. However, this approach becomes problematic if these credentials are stolen. The zero-trust approach mitigates these risks by allowing users to connect directly to applications and resources, eliminating the possibility of lateral movement and preventing compromised devices from infecting other resources. Users and applications are also hidden from the internet, reducing the risk of discovery and attacks.

In addition to security concerns, users’ dissatisfaction with their current VPN experience is another motivator for organizations to adopt zero-trust architecture. Slow and unreliable connections are a major pain point for 72% of users, while 25% are frustrated by sluggish application speeds, and 21% frequently experience connection disruptions. Unreliable internet connectivity negatively impacts user experiences, leading to lower engagement. Complex authentication processes can also result in lost productivity, reduced revenue, and increased data loss risks as users find ways to bypass inefficient VPN services.

Organizations are increasingly recognizing the role played by outdated VPNs in both security and user experience concerns. As a result, many companies are in the process of transitioning to zero trust-based architectures. In fact, 92% of organizations now understand the importance of adopting a zero-trust approach to protect their assets and data, marking a 12% increase from the previous year. Additionally, 69% of organizations are currently planning to replace their existing VPN solutions with Zero Trust Network Access.

To effectively mitigate the risks associated with VPN vulnerabilities and protect sensitive data and applications from cyber attacks, the report strongly recommends organizations to implement a zero-trust architecture.

The post Organizations Express Concerns Over VPN Security Risks appeared first on satProviders.