sb-as logo
Story image

Enterprises look to zero trust network access to thwart VPN attacks

08 Nov 2019

An increase in the number of vitual private network (VPN) attacks is causing businesses to shift towards a new model of network security: Zero Trust Network Access.

According to a report from Zscaler and Cybersecurity Insiders, 78% of the 315 polled IT and security professionals plan to implement Zero Trust Network Access (ZTNA) at some time in the future; 59% plan to implement it in the next 12 months, and 15% have already implemented done so.

Zscaler explains that ZTNA services are built to ensure that only authorised users can access specific applications based on business policies. Unlike VPNs, users are never placed on the network and apps are never exposed to the internet. According to the company, this creates a zero attack surface, protecting the business from threats like the recent wave of malware and successful VPN attacks.

Two-thirds of polled IT security professionals (66%) say they are most excited about zero trust’s ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

Zscaler CIO Patrick Foxhoven comments that state-sponsored groups exploit known flaws in VPNs, which means organisations need to reduce their attack surface. They can do this by rethinking how they secure and provide access to their apps in a cloud and mobile-first world.

The report found that 53% of respondents believe their current security technology can mitigate their risk even though legacy technologies directly connect users to the network - expanding the attack surface.

“Though it is encouraging to see so many organisations are pursuing ZTNA to close gaps created by VPNs, I am surprised that more than half of those surveyed believe their current infrastructure is reliable enough to protect the enterprise,” Foxhoven continues.

The highest security priority for application access is privileged account management of users and multi-factor authentication (68%). This is followed by detection of, and response to, anomalous activity (61%) and securing access from personal, unmanaged devices (57%).

Additionally, 61% of organisations are concerned about partners with weak security practices accessing internal applications, despite their own internally weak security practices.

Furthermore, BYOD is still an IT security reality in 2019 as 57% of organisations are prioritizing secure access from personal, unmanaged devices.

The 2019 Zero Trust Adoption report surveyed 315 IT and cybersecurity professionals across multiple industries.

Story image
NCC Group chosen to help improve IoT security standards for all sectors
“At NCC Group, security is in our DNA and that's why we're excited to work with the ioXt Alliance in raising security standards within the IoT ecosystem."More
Story image
54% rise in gaming-related cyber attacks recorded in April
Social isolation measures, widely implemented throughout the world during March and April, has been linked to both the increase in engagement for gaming and a corresponding boom in game-related cyber attacks.More
Story image
Why DX is not complete without a transformed security architecture
Secure Access Services Edge (SASE) is the process by which core WAN edge capabilities like SD-WAN, routing, and WAN optimisation at branch locations are integrated with cloud-based security services like secure web gateways, firewall-as-a-service, cloud access security brokers, and more.More
Story image
Cyber attacks use LinkedIn to target companies and employees
The attacks, which ESET researchers have called Operation In(ter)ception, took place from September to December 2019 and are notable for using LinkedIn-based spearphishing. More
Story image
Training is essential to build cybersecurity awareness
More than ever, businesses need to ensure that all their workers have the right skills and training to protect the business from cybercrime.  More
Story image
Top 10 riskiest IoT devices for enterprises, according to Forescout
IoT devices can become attack vectors for hackers to gain access to enterprise networks, and recent Forescout research shows businesses need to be aware of this and put adequate security measures in place.More