Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Say Goodbye to VPNs
September 27, 2022
All too many people think virtual private networks (VPNs) are their salvation from cyberattacks and a totally secure method to access their business/firm networks. Sorry to be the bearer of bad news, but VPNs are not where you want to be today in the technology landscape. CSO reported that 97% of enterprises say VPNs are prone to cyberattacks with 44% of organizations experiencing an increase in exploits targeting VPNs. We can attest to the significant increase in VPN usage since the beginning of the pandemic, which is concerning since “there are almost 500 known VPN vulnerabilities listed on the CVE (common vulnerabilities and exposures) database.”
What’s that saying? Jump from the frying pan into the fire? Ananth Nag, senior regional vice president at Zscaler said, “It is unsurprising that VPN is no longer able to keep up with the hybrid and remote access requirements of today. VPNs were created at a time when network topologies were vastly different when there was a single corporate network everyone was accessing.”
A Zscaler reported noted, “Breaches show that it only takes one infected device or stolen credential to put an entire network at risk, which is why cybercriminals are targeting users by accessing through a VPN.” Scary stuff. It’s pretty disappointing, but not surprising, that the cyber insurance carriers think that a VPN is a much preferred solution over a secure implementation of RDP. So, what’s the solution? You need to start thinking about moving to a Zero Trust architecture. According to Zscaler, “Zero Trust architecture, unlike VPNs, does not bring the users on the same network as business-critical information, prevents lateral movement with user-app segmentation.” Probably the more important step today is to budget for Zero Trust.