Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/16/2021
11:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises

SAN JOSE, Calif., Feb. 16, 2021 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced a new study that examines hidden vulnerabilities found in enterprise virtual private networks (VPNs) and spotlights the need for a zero-trust security approach to mitigate threats. Published in collaboration with the Cybersecurity Insiders, the report includes findings from a global survey of more than 350 cybersecurity professionals on the current state of remote access environments, the rise in VPN vulnerabilities, and the role zero-trust security models play in providing access to enterprise applications. To download the full study, see the Zscaler 2021 VPN Risk Report.

For the last three decades, VPNs have been deployed to provide remote users with access to resources on corporate networks. However, the increased demand for remote work solutions, a shift to the cloud, and advancements in digital transformation have uncovered increased incompatibility between VPNs and true zero-trust security architectures. These incompatibilities, largely due to VPNs inherent need for access to the network, and need to be exposed to the Internet, have increased the enterprise attack surface allowing threat actors to exploit these legacy models based on their inherent trust of users.

The 2021 Zscaler VPN Risk Report highlights the current VPN usage by enterprises and uncovered the list of top challenges faced by IT administrators who manage VPNs. It recommends security alternatives that exist for network and security leaders wanting to provide fast, seamless and secure access to business apps without compromising their existing zero trust security strategies, and includes data that provides a glimpse into the role that zero trust will play in the future of remote access. The survey findings show:

  • 93 percent of companies surveyed have deployed VPN services, despite 94% of those surveyed admitting that they are aware that cybercriminals are exploiting VPNs to access network resources.
  • Respondents indicated that social engineering (75%), ransomware (74%), and malware (60%) are the most concerning attack vectors and are often used to exploit users accessing VPNs.
  • With nearly three out of four businesses concerned with VPN security, 67% of organizations are considering remote access alternatives to the traditional VPN.
  • As a result of growing VPN security risks, 72% of companies are prioritizing the adoption of a zero-trust security model, while 59% have accelerated their efforts due to the focus on remote work.
  • Looking at the future need for zero trust services, the report states that 77% of respondents indicated that their workforce will be hybrid, with greater flexibility for users to work remotely or in the office.

“It’s encouraging to see that enterprises understand that zero-trust architectures present one of the most effective ways of providing secure access to business resources,” said Chris Hines, Director, Zero Trust Solutions, Zscaler. “As organizations continue on their journey to cloud and look to support a new hybrid workforce, they should rethink their security strategy and evaluate the rising cybersecurity threats that are actively exploiting legacy remote access solutions, like VPN. The more secure approach is to completely leave network access out of the equation by taking the users securely and directly to the applications by brokering all user to app connections using a cloud-delivered zero trust access service instead.”

The full findings of the Zscaler VPN Risk Report are now available to the public. Please see the 2021 VPN Risk Report for more information.

About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...
CVE-2021-27196
PUBLISHED: 2021-06-14
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the...