The increased demand for remote work solutions, a shift to the cloud, and advancements in digital transformation have uncovered increased incompatibility between VPNs and true zero-trust security architectures. These incompatibilities, largely due to VPNs inherent need for access to the network, and need to be exposed to the Internet, have increased the enterprise attack surface allowing threat actors to exploit these legacy models based on their inherent trust of users. Published in collaboration with Cybersecurity Insiders, the Zscaler VPN Risk Report 2021 highlights VPN usage by enterprises and uncovered the list of top challenges faced by IT managers who administer VPNs.

Zscaler’s VPN Risk Report 2021 headline findings include:

1. 93% of companies surveyed have deployed VPN services, despite 94% of those surveyed admitting that they are aware that cybercriminals are exploiting VPNs to access network resources

2. Social engineering (75%), ransomware (74%) and malware (60%) are the most concerning attack vectors and are often used to exploit users accessing VPNs

3. With nearly 75% of businesses here polled concerned with VPN security, 67% of organisations are considering remote access alternatives to the traditional VPN

4. As a result of growing VPN security risks, 72% of companies are prioritising the adoption of a zero-trust security model, while 59% have accelerated their efforts due to the focus on remote work

5. Looking at the future need for zero trust services, the report states that 77% of respondents indicated that their workforce will be hybrid, with greater flexibility for users to work remotely or in the office