Remote access: VPN is out - Zero Trust is in

Remote access: VPN is out - Zero Trust is in

Share post

According to a survey, while many companies want to rely on zero trust, 95 percent of companies still use VPN to enable hybrid work and distributed work environments across branch offices. However, almost half of the companies also noticed the attacks on VPN. 

For decades, companies around the world have relied on VPN to secure remote access. For many IT security departments, going through a secure tunnel into the company network was the best way to protect the company from unauthorized access while still allowing employees remote access. But over the years, this option proved increasingly dangerous.

Attackers are looking for VPN ways into the company

Not only employees use the tunneled access to the company network, but also attackers. There are now nearly 500 known VPN vulnerabilities in the CVE database, which hackers use to gain unauthorized access, and the number of security incidents is steadily increasing. To contain the risk of incidents, Zero Trust-based security approaches are used to minimize the attack surface for companies.

Trends such as working from home or anywhere make it clear that remote access is very popular. Businesses have recognized the benefits of flexible working, especially during the pandemic, and have switched to remote work to remain productive and profitable. The current VPN Risk Report study by Cybersecurity Insiders on behalf of Zscaler among 350 IT security professionals shows that 78 percent of the companies surveyed want to rely on a hybrid workforce in the future. With the rise of remote working, new security technologies are being evaluated, and 80 percent of decision makers said their organization is at least on the way to adopting Zero Trust.

Zero Trust secures remote access

The report's findings also show that the number of VPN-specific security threats has increased. According to the report, 44 percent of cybersecurity professionals have seen an increase in attacks on their companies' VPNs over the past year due to remote working. The use of conventional VPN architectures allows too many external accesses to pass unhindered. Malicious actors exploit the attack surface to penetrate networks and launch ransomware, phishing attacks, denial of service attacks, and other methods to exfiltrate critical business data.

95 percent use VPN for hybrid work!

However, 95 percent of the companies surveyed still rely on VPNs to enable hybrid work and distributed work environments across branches. In addition to employees in remote locations, large companies often allow other external third parties such as customers, partners and contractors access to the network. In some cases, these users connect from untrusted devices over insecure networks and are given far more access permissions than necessary, leading to additional security risks. In contrast to VPNs that are complex to manage, a Zero Trust architecture improves the company's IT security without compromising user-friendliness. Such an approach makes the company's application landscape invisible to attackers on the Internet: What is not exposed on the Web cannot be attacked either.

Danger recognized - and banned?

However, 68 percent of the companies surveyed already stated that they are accelerating their zero trust projects, among other things due to the switch to hybrid working environments. Unlike VPNs, with the Zero Trust architecture, all network communications are considered potentially hostile and access is granted to authorized users first using identity-based validation policies. This ensures that IT and security teams exclude users - employees and third parties alike - from unauthorized applications. Granular access rights at the level of the individual application, without opening the entire network to users, prevent malware from spreading laterally in the network.

Since major security incidents and ransomware attacks that started over VPNs, traditional remote access technology has been considered one of the weakest links in the cybersecurity chain due to its vulnerability. Architectural flaws provide an entry point for threat actors and allow them to move laterally, leaving nearly two-thirds (65 percent) of the organizations surveyed considering alternatives for their remote access.

More at Zscaler.com

 


About Zscaler

Zscaler accelerates digital transformation so customers can become more agile, efficient, resilient, and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting people, devices, and applications anywhere. The SSE-based Zero Trust Exchange is the world's largest inline cloud security platform, distributed across 150+ data centers around the world.


 

Matching articles on the topic

Cyber ​​danger: HTML smuggling

With HTML smuggling, the malicious file is first created on the user's computer. That's why traditional anti-malware programs and sandboxes detect it ➡ Read more

Wireless security for OT and IoT environments

Wireless devices are becoming more and more common. This increases the number of access points through which attackers can penetrate networks. A new ➡ Read more

Professional cybersecurity for SMEs

Managed detection and response (MDR) for SMEs 24/7, 365 days a year. The IT security manufacturer ESET has expanded its offering ➡ Read more

Prevent malicious software from starting

A cyber protection provider has added a new feature to its security platform. It improves cybersecurity by preventing the launch of malicious or ➡ Read more

Pikabot: camouflage and deceive

Pikabot is a sophisticated and modular backdoor Trojan that first appeared in early 2023. His most notable quality lies in ability ➡ Read more

Ransomware-resistant WORM archives for data backup 

A data archive is a must for every company. Few people know: An active WORM archive can help to streamline data backup, ➡ Read more

Danger of election manipulation through cyber attacks

Cyberattackers are attempting to influence elections around the world using generative AI technology. The latest findings from the Global Threat Report ➡ Read more

Growing threats over the last year

In 2023, threats have increased significantly. Attacks via encrypted channels have increased by 24 percent. The manufacturing industry is back on track ➡ Read more