According to a survey, many companies want to rely on Zero Trust, yet 95 percent still use VPNs to enable hybrid work and distributed work environments across branch offices. At the same time, almost half of the companies have noticed attacks on their VPNs.
For decades, companies around the world have relied on VPN to secure remote access. For many IT security departments, going through a secure tunnel into the company network was the best way to protect the company from unauthorized access while still allowing employees remote access. But over the years, this option proved increasingly dangerous.
Attackers look for ways into the company via VPN
Employees are not the only ones who use tunneled access to the company network; attackers do too. There are now nearly 500 known VPN vulnerabilities in the CVE database, which hackers use to gain unauthorized access, and the number of security incidents is steadily increasing. To contain the risk of incidents, Zero Trust-based security approaches are used to minimize the attack surface for companies.
Trends such as working from home or anywhere make it clear that remote access is very popular. Businesses have recognized the benefits of flexible working, especially during the pandemic, and have switched to remote work to remain productive and profitable. The current VPN Risk Report study by Cybersecurity Insiders on behalf of Zscaler among 350 IT security professionals shows that 78 percent of the companies surveyed want to rely on a hybrid workforce in the future. With the rise of remote working, new security technologies are being evaluated, and 80 percent of decision makers said their organization is at least on the way to adopting Zero Trust.
Zero Trust secures remote access
The report's findings also show that the number of VPN-specific security threats has increased. According to the report, 44 percent of cybersecurity professionals have seen an increase in attacks on their companies' VPNs over the past year due to remote working. Conventional VPN architectures let too much external access pass unhindered. Malicious actors exploit this attack surface to penetrate networks and use ransomware, phishing attacks, denial of service attacks, and other methods to exfiltrate critical business data.
95 percent use VPN for hybrid work!
However, 95 percent of the companies surveyed still rely on VPNs to enable hybrid work and distributed work environments across branches. In addition to employees in remote locations, large companies often allow other external third parties such as customers, partners and contractors access to the network. In some cases, these users connect from untrusted devices over insecure networks and are given far more access permissions than necessary, leading to additional security risks. In contrast to VPNs that are complex to manage, a Zero Trust architecture improves the company's IT security without compromising user-friendliness. Such an approach makes the company's application landscape invisible to attackers on the Internet: What is not exposed on the Web cannot be attacked either.
Danger recognized - and averted?
However, 68 percent of the companies surveyed already stated that they are accelerating their Zero Trust projects, among other things due to the switch to hybrid working environments. Unlike VPNs, a Zero Trust architecture treats all network communications as potentially hostile, and access is granted to authorized users only after identity-based validation policies have been applied. This lets IT and security teams keep users - employees and third parties alike - away from applications they are not authorized for. Granular access rights at the level of the individual application, without opening the entire network to users, prevent malware from spreading laterally in the network.
Following major security incidents and ransomware attacks that started over VPNs, traditional remote access technology has been considered one of the weakest links in the cybersecurity chain due to its vulnerability. Architectural flaws provide an entry point for threat actors and allow them to move laterally, which is why nearly two-thirds (65 percent) of the organizations surveyed are considering alternatives for their remote access.