2023 VPN Risk Report [Zscaler]

Traditionally, Virtual Private Networks (VPNs) have facilitated basic remote access. The rapid growth in the distributed workforce and increasing adoption of cloud technologies are challenging the basic connectivity that VPN offers. As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. Instead, VPNs often provide full access to the corporate network, increasing the chances of cyberattacks once bad actors gain access through login credentials. In addition, VPNs connect multiple sites, allow access to third parties, support unmanaged devices, and enable IoT device connectivity. However, these varied use cases stretch VPNs beyond their initial purpose and design, often creating security gaps in the face of an increasingly complex and changing threat landscape.

This comprehensive report, based on a survey of 382 IT professionals and cybersecurity experts, explores these multifaceted security and user experience challenges. The 2023 VPN Risk Report reveals the complexity of today’s VPN management, user experience issues, vulnerabilities to diverse cyberattacks, and their potential to impair organizations’ broader security posture. The report also outlines more robust security models, with zero trust emerging as a viable option to secure and accelerate digital transformation.


VPN Vulnerabilities and Cybersecurity Impacts: Despite their critical role, VPNs pose security risks, with 88% of organizations expressing slight to extreme concern that VPNs may jeopardize their environment’s security. Furthermore, 45% of organizations confirmed experiencing at least one attack that exploited VPN vulnerabilities in the last 12 months, and one in three became victims of VPN-related ransomware attacks. The increasing threat of cyberattackers exploiting VPN vulnerabilities underscores the urgent need to address the security of current VPN architectures.

VPN Use and User Experience: VPNs have a broad spectrum of use, with 84% of respondents identifying remote employee access as their primary application. However, users reported a less than optimal experience, with a majority of users dissatisfied with their VPN experience (72%), highlighting the need for more user-friendly and reliable remote access solutions in the digital workplace.

Primary Attack Vectors: One in two organizations have faced VPN-related attacks in the last year. VPN attack vectors need special attention due to their critical roles in business operations and communication. Additionally, third-party users such as contractors and vendors can serve as potential backdoors or avenues for malicious access to networks, further complicating the job of network security teams. In the survey, 9 of 10 respondents expressed concern about third parties serving as potential backdoors into their networks through VPN access.

Embracing Zero Trust: The transition to a zero trust model is high on the agenda for a majority of organizations. About 9 of 10 respondents identified adopting zero trust as a focus area, and more than a quarter (27%) are already implementing Zero Trust. 37% of respondents are planning to replace their VPN with Zero Trust Network Access (ZTNA) solutions.

We are grateful to Zscaler for their contribution to this VPN risk survey. Their expertise in zero trust and secure access solutions has significantly enriched our findings.

We are confident that the insights from this report will be an essential resource for IT and cybersecurity professionals on their journey toward zero trust security.
