More than half of organizations have been targets of cyberattacks exploiting VPN (virtual private network) security vulnerabilities in the last year, underscoring the growing imperative to move away from traditional perimeter-based defenses and toward more robust zero trust security architecture, according to findings from cloud security provider Zscaler.
The company’s annual 2024 ThreatLabz VPN Risk Report found that 78 percent of surveyed organizations plan to actively implement zero trust strategies within the next 12 months.
Zscaler surveyed over 600 professionals across the security, IT, and networking sectors, finding that 56 percent experienced a VPN-related cyberattack.
“Over the past year, numerous critical VPN vulnerabilities have served as successful entry points for attacks on large enterprises and federal entities,” said Deepen Desai, chief security officer at Zscaler. “Considering these repeated outcomes, it’s crucial for enterprises to anticipate that threat actors will increasingly exploit these legacy, internet-exposed assets – appliances and virtual – that enable them to easily navigate laterally across traditional flat networks.”
“It is essential to transition to a Zero Trust architecture, which significantly reduces the attack surface by eliminating legacy technologies like VPNs and Firewalls, enforces consistent security controls with TLS inspection, and limits the blast radius with segmentation & deception, thereby preventing damaging breaches,” he added.
The survey found that, among those surveyed, 91 percent voiced apprehension regarding VPNs as weak entry points in their IT infrastructure, highlighted by recent breaches that exposed the dangers of relying on outdated or unpatched VPN infrastructure.
Zscaler noted the “high-profile” breach and critical VPN vulnerability uncovered from large vendor Ivanti earlier this year as one reason companies should shift towards a zero trust model.
“Among enterprises who were breached via VPN vulnerabilities, a majority of impacted enterprises say threat actors moved laterally on the network, demonstrating significant containment failures after the initial point of compromise,” the report says. “To help minimize the blast radius and mitigate risk from VPN vulnerabilities, Zscaler strongly urges the adoption of a Zero Trust architecture.”
According to the Zscaler report, a zero trust architecture will help enterprises minimize the attack surface; prevent compromise; and eliminate lateral movement.