IT companies are responding to a rise in corporate VPN-based attacks

With remote and hybrid work becoming common practice, businesses are increasingly relying on the best VPN services to protect their network.

At the same time, attacks targeting commercial VPNs appear to be increasing at an alarming rate.

"Cybercriminals continue to take advantage of longstanding security vulnerabilities and increasing VPN attacks," reads a new report from cloud security company Zscalert.

That's why 65% of businesses surveyed are now considering adopting VPN alternatives based on a Zero Trust model.

44% of respondents see an increase in VPN attacks

“As evidenced by several high-profile breaches and ransomware attacks, VPNs remain one of the weakest links in cybersecurity. Its architectural flaws provide an entry point for threat actors and give them the ability to move laterally and steal data,” said Deepen Desai, Global CISO of Zscaler.

For the 2022 VPN Risk Report, the security firm surveyed 350 IT professionals from North American companies.

Nearly half of those surveyed (44%) said they have seen an increase in attacks against their VPNs since the move to remote and hybrid work.

The types of cyberattack respondents find most concerning are ransomware (78%), social engineering (70%), malware (66%), web application attacks (49%) and DDoS attacks (45%).

In this context, the vast majority of companies now fear that the use of VPN services will compromise the security of their IT network.

That's why around three in five companies surveyed said they were considering switching to VPN alternatives, with 80% actively working towards a Zero Trust security model.

What is Zero Trust?

The Zero Trust model is a security strategy based on the premise that implicit trust cannot be granted to any user, device or web application. Unlike in a VPN-based security infrastructure, every data exchange is treated as potentially hostile.

It is based on three fundamental principles. The first is to always verify: every login attempt is authenticated and authorized, every time.

Second, to minimize risk, every user or application should have only the minimum access required to do its job efficiently.

Finally, a Zero Trust architecture is built to minimize the impact area in the event of an attack or breach.

"To protect against the changing threat landscape, organizations must employ a Zero Trust architecture that, unlike VPN, does not bring users onto the same network as critical business information, prevents lateral movement with user application segmentation , minimizes the attack surface and provides full TLS inspection to prevent compromises and data loss,” Desai said.