VPN Risk Report Finds More Than Half of Organizations Experienced a VPN-related Cyberattack in the Last Year - Seite 2
“Over the past year, numerous critical VPN vulnerabilities have served as successful entry points for attacks on large enterprises and federal entities,” said Deepen Desai, CSO at Zscaler. “Considering these repeated outcomes, it’s crucial for enterprises to anticipate that threat actors will increasingly exploit these legacy, internet-exposed assets — appliances and virtual — that enable them to easily navigate laterally across traditional flat networks. It is essential to transition to a Zero Trust architecture, which significantly reduces the attack surface by eliminating legacy technologies like VPNs and Firewalls, enforces consistent security controls with TLS inspection, and limits the blast radius with segmentation & deception, thereby preventing damaging breaches.”
Key VPN vulnerability exploits
The report identifies ransomware attacks (42%), malware infections (35%), and DDoS attacks (30%), as the top threats exploiting VPN vulnerabilities. These statistics emphasize the extensive risks
organizations face due to the inherent weaknesses in traditional VPN architectures, reinforcing the need for a shift to Zero Trust architecture. Notably, the report revealed that 78% of surveyed
organizations plan to actively implement Zero Trust strategies within the next 12 months. Additionally, 62% of enterprises acknowledge that VPNs go against the principles of Zero Trust and that
even delivering VPNs through the cloud does not constitute a Zero Trust architecture.
Lesen Sie auch
Stop the spread
Among enterprises who were breached via VPN vulnerabilities, a majority of impacted enterprises say threat actors moved laterally on the network, demonstrating significant containment failures
after the initial point of compromise. To help minimize the blast radius and mitigate risk from VPN vulnerabilities, Zscaler strongly urges the adoption of a Zero Trust architecture. A Zero Trust
architecture will help enterprises:
- Minimize the attack surface by making apps invisible to the internet, making them more difficult for attackers to discover and target
- Prevent compromise with inline traffic and content inspection to detect and block malicious activity and shield resources from unauthorized access or data exfiltration
- Eliminate lateral movement by segmenting and connecting users directly to applications instead of the network, thus limiting an attackers’ opportunities for unauthorized access and lateral spread