Nearly half of IT pros see a surge in VPN attacks: Report

Seven out of 10 companies are concerned that virtual private networks (VPNs) are becoming a major threat to their businesses and nearly half (44%) of information technology (IT) professionals have seen an increase in increase in exploits targeting their virtual private networks (VPNs) since adopting remote or hybrid work in the last one year, according to a recent study.

While on one hand, VPN, a service that creates a safe, encrypted online connection have become indispensable for enterprises for protecting their internal network connections from external threats, and is a security tool in itself, on the other, unpatched and outdated VPNs can host critical vulnerabilities, and attackers can exploit these flaws to compromise targets’ systems.  

The study findings by American cloud security company, Zscaler, as part of its annual VPN Risk Report 2022, polled over 350 IT professionals in organizations with global workforces across North America, Europe and Asia, also noted that 65% of companies are considering adopting VPN alternatives, up from 59% in 2021. 

“As evident in several high-profile breaches and ransomware attacks, VPNs continue to be one of the weakest links in cybersecurity. Their architecture deficiencies provide an entry point to threat actors and offer them an opportunity to move laterally and steal data,” said Deepen Desai, Global Chief Information Security Officer (CISO) of Zscaler.

Current VPN solutions require employee and third-party access to the corporate network (26%) is the biggest challenge as reported by organisations. This obstacle is followed by the high cost of security appliances and infrastructure (23%) and lack of visibility into user activity (18%), the report showed.

That said, nine out of 10 respondents continue to use VPN to protect their confidential data, showed the Zscaler report. Also, according to data based on the VPN Adoption Index by US-based VPN provider Atlas VPN, VPN downloads reached 785 million in 2021, representing a 184% increase YoY. In 2020, the data encryption tool downloads stood at 277 million.  India became the country with the highest rate of growth in the use of VPN services worldwide. 

During the first half of 2021, 348.7 million VPNs were installed, showing a 671% jump in growth when compared to the same period in 2020, the report said.  It further added that the massive growth can be attributed to continuous internet shutdowns, rise in digital scams, and the need for users to protect themselves online. 

Ongoing risks from legacy VPNs have created a gradual shift towards Zero Trust Security, which provides greater control and flexibility for effective remote access management. The Zscaler survey showed that since the shift to remote and hybrid work environments, 68% of surveyed companies have indicated that they are accelerating their Zero Trust projects. 

The report further said, unlike VPNs, Zero Trust architecture treats all network communications as potentially hostile and requires tightening access using identity-based validation policies. "This ensures IT and security teams can restrict users from off-limits applications and prevent malicious intruders from taking advantage of granted access to move laterally within the network, thereby reducing the possibilities of attack," it said.