Organizations have relied on VPNs for decades to deliver secure remote access to employees. During the COVID-19 pandemic, companies were forced to rapidly shift to remote work to stay productive and profitable. However, using VPN for remote access puts those organizations at significant risk, as traditional VPN architectures often trust too readily and excessively. Bad actors can exploit the VPN attack surface to infiltrate the network and launch ransomware, phishing attacks, denial of service, and other means of exfiltrating critical business data. As reported by countless news articles about VPN exploits, almost 500 known VPN vulnerabilities are listed on the CVE database.
This 2022 VPN Risk Report surveyed 351 cybersecurity professionals to provide fresh insight into the state of remote access and VPN within the enterprise, the rise in VPN vulnerabilities, and the role that zero trust plays in enabling the next generation of secure access.
Key findings include:
- 78% of organizations are concerned about ransomware attacks
- 44% witnessed an increase in exploits targeting their VPN since adopting remote work
- 65% of companies are considering adopting VPN alternatives
- 80% of companies are in the process of adopting zero trust in 2022
- 68% say their focus on remote work accelerated the priority of zero trust projects, up from 59% in 2021