A new report from Cybersecurity Insiders focuses on the use of virtual private networks. The fact that they are a part of the infrastructure in almost every organization in every industry is known. It is also known that the use of VPNs increased dramatically in 2020 as huge swaths of the global labor force began to work remotely. But it seemed unlikely that VPN risks were well understood. Why would organizations continue to invest in technology that is both unpopular with users and vulnerable to attack?
Cybersecurity Insiders set out to find out by examining VPN trends with a specific focus on risk.
The 2021 VPN Risk Report is based on a survey of cybersecurity professionals—with more than half of respondents at the director level and above—who offered insight into their remote access environments, how and where users are connecting, the challenges they’re facing, including the rise in VPN vulnerabilities, and whether zero trust will begin to play a role in their remote access strategy.
Their answers revealed that IT leaders have been in a real bind. They need to provide remote access to applications in the data center and cloud, but the technology they’ve relied upon for decades is exposing them to risk—and they know it. Here are some of the report’s key findings:
VPNs have been used for remote access for nearly 30 years and they remain practically ubiquitous. In the survey, 93 percent of respondents reported that they are leveraging VPN services. Even so, 94 percent are aware that VPNs are vulnerable to cybercrime, with attackers targeting remote workers as they try to get access to business resources through the VPN. It would have been hard to miss the countless articles about VPN exploits in 2020, and the news of almost 500 known VPN vulnerabilities listed on the CVE database.
Not only are IT leaders aware of the risk, but nearly three out of four are concerned that the VPN may hinder their ability to keep their organizations secure. So, why are people still using VPN if they know it puts their business at risk?
Besides the remote desktop protocol (RDP), which has vulnerabilities of its own, there haven’t been viable alternatives to VPN for decades. Luckily, there are alternatives now, and the following finding from the report shows that they are gaining traction.
Two-thirds of enterprises are considering alternatives to the VPN. Gartner analyst Rob Smith says, “Corporate VPN is an aging technology as organizations shift to more cloud-based services.” He added, “However, in the wake of the global coronavirus pandemic, companies are realizing they have to fundamentally change the way they work.”
The report supports this assertion, as it shows that companies are reevaluating their long-term access strategies and looking to adopt more modern technologies and approaches.
Most companies are making zero trust a priority.
While the concept of zero trust has been around for years, the report shows a huge uptick in enterprises seeking to implement a zero trust model. Seventy-two percent of respondents are prioritizing zero trust, and 59 percent are accelerating their adoption due to the increase in remote work.
Part of this shift towards a new model is due to the steady movement towards digital transformation, but it also appears that the pandemic has been a catalyst for organizations not only to prioritize zero trust projects, but to accelerate them forward.
An increasing number of organizations have been adopting a zero trust approach to provide secure remote access to internal applications, and the pandemic seems to be accelerating this adoption as organizations prepare for a hybrid workforce, with employees working in the office on some days and remotely on others.
Read the full report for all the insights on remote workers, BYOD, VPN use during the pandemic, and what organizations anticipate in the years ahead. Download the Cybersecurity insiders report today.