IT companies react to a surge in business VPN-based attacks

Polygonal vector illustration of the virtual private network's shield reading VPN and world map on the background
(Image credit: Shutterstock)

With remote and hybrid work becoming a common practice, companies are relying more and more on the best VPN services to protect their network. 

At the same time, attacks targeting business VPNs appear to be worryingly on the rise. 

"Cybercriminals continue to take advantage of long-standing security vulnerabilities and increased attacks on VPNs," read a new report carried on by cloud security company Zscalert. 

This is why 65% of the companies surveyed are now considering adopting VPN alternatives based on a Zero Trust model. 

44% of the respondents see a surge in VPN attacks

"As evident in several high profile breaches and ransomware attacks, VPNs continue to be one of the weakest links in cybersecurity. Their architecture deficiencies provide an entry point to threat actors and offer them an opportunity to move laterally and steal data,” said Deepen Desai, Global CISO of Zscaler. 

For the 2022 VPN Risks report, the security company surveyed 350 IT professionals across North America businesses.

Nearly half of the respondents (44%) said to have witnessed a surge in exploits against their VPNs since the shift to remote and hybrid work.

Among the most concerning types of cyberattacks there are ransomware (78%), social engineering (70%), malware (66%), web applications (49%) and DDos attacks (45%).

Under this light, the great majority of companies are now concerned that the use of VPN services could compromise the security of their IT network. 

This is why around three out of five companies surveyed said that they are considering switching to VPN alternatives, with 80% of those actively working towards a Zero Trust security model. 

What is Zero Trust? 

The Zero Trust model is a security strategy based on the fact that implicit trust cannot be granted to any user, device or web app. Unlike a VPN-based security infrastructure, all the exchanges of data are here treated as potentially hostile.

It is based on three core principles. The first is to always verify, authenticate and authorize every connection attempt at all times.

Then, for minimizing the risks, any users or applications should have only the minimum access required to perform their job effectively.

Finally, a Zero Trust architecture is built in a way able to shrink the impact zone as much as possible in case of attacks and/or breach. 

“To safeguard against the evolving threat landscape, organizations must use a Zero Trust architecture that, unlike VPN, does not bring the users on the same network as business-critical information, prevents lateral movement with user-app segmentation, minimizes the attack surface, and delivers full TLS inspection to prevent compromise and data loss,” said Desai.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com