New VPN Risk Report: Third-Party Access Identified as a Huge Risk to Organizations


By Dan Gould + Director of Product Marketing

Ninety percent of organizations are apprehensive that attackers will target them through third-party-owned VPNs. Not only that—user satisfaction and security will also take a beating. Read on to find out more.

A just-released 2023 survey report by Cybersecurity Insiders, accredited by Zscaler, highlights the many benefits to organizations when they move away from legacy solutions, spurring on any organization that may be delaying the adoption of zero trust network access (ZTNA) and its clear user productivity and security advantages.

Virtual private networks (VPNs), the de facto remote access solution for the last 30 years, have more recently been constant targets of sophisticated cyberattacks. In the world of hybrid work, where users and applications are distributed, traditional remote access solutions that backhaul traffic to a single data center hinder productivity with a poor user experience, connectivity issues, and inconsistent access experience. In addition, VPNs give all users—employees and third-party users alike—access to the full network to reach applications.

The 2023 VPN Risk Report details the challenges users and IT professionals face in using and maintaining VPNs, and examines new technologies that can help them overcome these challenges to support user efficiency and business growth.

Third-party security concerns with VPN access
The report shows that 90% of organizations are concerned about attackers exploiting third-party vendors to gain backdoor access into their networks. Outside users like contractors and vendors remain integral to business growth, but they can put an organization at risk due to varied security standards, lack of visibility into their network security practices, and more, further complicating the job of managing third-party access and network security in general.

Cyberattackers exploiting VPN vulnerabilities
According to the report, nearly 1 in 2 organizations have experienced VPN-related attacks in the past 12 months and are aware of potential threats to their organizations opened up by VPNs. This underlines the need for a remote access tool that doesn’t expose organizations to external and internal threats.

The report also shows security and IT leaders are increasingly concerned about cyberattackers exploiting VPN vulnerabilities, emphasizing the urgent need to address the security of current VPN architectures.

Zscaler’s next-generation ZTNA solution, Zscaler Private Access (ZPA), enables secure access to private applications while ensuring users have the best experience to maintain high productivity. ZPA can help you:

  • Minimize the attack surface: ZPA can replace your VPN infrastructure and provide direct access to internal applications. With these apps invisible to the internet, you minimize the visibility and accessibility of critical assets.

  • Prevent compromise: ZPA analyzes network traffic for malicious content and data loss. Implementing inline traffic and content inspection blocks malicious activities, shielding resources from unauthorized access or data exfiltration.

  • Eliminate lateral movement: With ZPA, users connect directly to applications instead of the network. By isolating users from the internal network, you limit attackers’ opportunities for unauthorized access and lateral spread within your infrastructure.

Download the report here

Sustaining Partners