As more companies have employees returning to the office, several workplaces continue to rely on VPNs to support a combination of hybrid and distributed work environments that often span multiple geographies. In addition to remote employees, some organisations extend network access to other external stakeholders, including customers, partners, and contractors.
In many cases, these users who are connecting from untrusted devices on insecure networks, are granted far more freedom than necessary. This results in additional security risks. Unlike cumbersome and insecure VPNs, Zero Trust architecture improves organisational security posture without sacrificing the user experience. In addition, Zero Trust allows IT teams to keep the location of their network and applications secret, reducing the attack surface and threat of internet-based attacks.
About 95% of surveyed workplaces still rely on VPNs to support a combination of hybrid and distributed work environments, according to a report released by cloud security provider Zscaler. More than half of the surveyed executives indicated they were moving to Zero Trust projects.
The report also stated that while 44% of cybersecurity professionals have witnessed an increase in exploits targeting their business VPNs in the last year, most businesses continue to rely on legacy network security architecture, as it is deeply entrenched in corporate data centres.
Also Read |Tech firms say India cyber rules risk creating ‘environment of fear’
Zscaler’s 2022 VPN Risk Report included analysis of the state of the remote access environment, the most prevalent VPN risks, and the growth in adoption of Zero Trust architecture.
It stated that despite high awareness of VPN risks, remote work forced many companies to rely more heavily on legacy access methods during the COVID-19 pandemic.
The shift to remote work also prompted cybercriminals to continue taking advantage of long-standing security vulnerabilities and increasing attacks on VPNs. These attacks include both ransomware and malware attacks.
The report noted a sharp spike in cyberattacks that are tailored to target VPN users. As VPNs grant a greater degree of trust to users when compared to Zero Trust architecture, cybercriminals are more active in seeking to gain unauthorised access to network resources through exposed attack surfaces.
“As evident in several high-profile breaches and ransomware attacks, VPNs continue to be one of the weakest links in cybersecurity. Their architecture deficiencies provide an entry point to threat actors and offer them an opportunity to move laterally and steal data,” said Deepen Desai, Global CISO of Zscaler.
Zero trust security architecture is thought to improve organisational security without sacrificing user experience as they allow IT teams to conceal the location of their network and applications.
Zero trust architecture enforces access policies based on context that might include the user’s device, its location, and also the data being transferred between the organisation and the user. It could include the use of multi-factor authentication methods in addition to passwords and single authentication methods like biometrics or one-time codes, to ensure that the data flow between organisations and their employees is secure.
The report is based on a survey of 351 IT and cybersecurity professionals with respondents ranging from technical executives to IT security practitioners across North America, with global workforces.
