sb-as logo
Story image

Are your employees putting your organisation at risk? Survey says 25% of employees bypassing secure VPN

20 Jun 2016

New results have shown that as much as 25% of your workforce may be bypassing secure Virtual Private Networks (VPNs) to access the internet through their mobile device.

Zscaler reports that more than 70% of Australian organisations' employees access enterprise business applications from a mobile device.

One in four of these organisations are being put at risk by up to 25% of staff who use content from the internet instead of through the organisation's own secure VPN.

The Zscaler report surveyed 100 chief security officers (CSOs) and found that 84% of organisations have used a VPN for remote access for specific business application access.

  • 36% of respondents also thought VPN was a concern because it provides employees access with access to the entire corporate network
  • One third of CSOs has seen a marked increase of between 25%-50% in mobile device usage in the organisation over the last twelve months
  • 60% of these users are using their devices to use business applications more than 25% of the time
  • 54% percent of CSOs store 25% of business applications in the cloud
  • 25% percent of CSOs store between 25%-50% of applications in the cloud
  • The number expected to store more than 50% of their applications in the cloud is expected to grow to 28% in the next twelve months

These trends are driven by what Scott Robertson, Zscaler VP Asia Pacific and Japan VP calls "consumerisation of the enterprise", as well as the trend towards cloud computing, mobile computing and threat evolution.

Mobile devices are a double-edged sword as they have brought forth security threats and attacks through the sheer number of mobile apps. This can be difficult for organisations to manage, Robertson says.

Robertson states that users can download unvetted apps that open up attack opportunities, but also issues between personal privacy with corporate security across visible and non-visible platforms.

The apps may be connecting to botnets, downloading malware or exfiltrating data, without users ever being aware of what is really going on, Robertson says.

Robertson believes that PC-era security technology that is put on mobile devices is simply not enough to secure mobile security.

True mobile security requires the ability to understand and classify mobile applications through traffic patterns, identify threats in real time and enable quick corrective action. Today’s modern cloud security platforms enables businesses to embrace these innovations securely, while delivering a superior user experience,” Robertson concludes.

Story image
Entrust launches cloud-based ID issuance solution
The Sigma instant ID solution uses encryption, trusted HSM technology and secure boot to issue highly secure physical and mobile identities.More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More
Story image
The business case for an in-house ethical hacker
Ethical hackers, also known as penetration testers or white-hat hackers, mimic the techniques used by malicious hackers to try and break into computer systems and discover vulnerabilities before the bad guys can exploit them.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Gigamon and Zscaler release cloud-first network detection for fluid workforces
“Our customers have significantly accelerated their digital transformation journeys during the pandemic, and this integration will help them better respond to threats.”More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More