Your work VPN could actually be a security nightmare


The rapid shift to remote working during the pandemic has exposed the hidden vulnerabilities found in enterprise VPN services, according to a new report from Zscaler published in collaboration with Cybersecurity Insiders.

The Zscaler 2021 VPN Risk Report includes findings from a global survey of more than 350 cybersecurity professionals on the current state of remote access environments, the rise in VPN vulnerabilities and the role zero-trust security models play in providing access to enterprise applications.

For the last three decades, VPNs have been deployed as a means to provide remote users with access to resources on corporate networks. However, increased demand for remote work solutions, a shift to the cloud and advancements in digital transformation have highlighted the growing incompatibility between VPNs and true zero-trust security architectures.

Since VPNs require access to the network and need to be exposed to the internet, they have significantly increased the attack surface for enterprises, and cybercriminals have begun to use this to their advantage when planning and launching attacks.

Moving from VPNs to zero-trust

According to Zscaler’s survey, 93 percent of companies have deployed VPN services, even though 94 percent of respondents said they are aware that cybercriminals are exploiting VPNs to access network resources.

Respondents also indicated that social engineering (75 percent), ransomware (74 percent) and malware (60 percent) are the most concerning attack vectors, which are often used to exploit users connected to a VPN. As businesses have become increasingly concerned about VPN security, 67 percent of organizations are considering remote access alternatives to traditional VPNs.

Chris Hines, Director of Zero Trust Solutions at Zscaler, provided further insight in a press release on how the move from VPNs to zero-trust solutions can benefit businesses, saying:

“It’s encouraging to see that enterprises understand that zero-trust architectures present one of the most effective ways of providing secure access to business resources. As organisations continue on their journey to cloud and look to support a new hybrid workforce, they should rethink their security strategy and evaluate the rising cybersecurity threats that are actively exploiting legacy remote access solutions, like VPN. The more secure approach is to completely leave network access out of the equation by taking the users securely and directly to the applications by brokering all user to app connections using a cloud-delivered zero trust access service instead.”

Anthony Spadafora
