Zscaler: Zero Trust is Essential in the Fight Against Cyberattacks

May 25, 2024


TLDR:

  • More than half of organizations have been targeted by cyberattacks exploiting VPN vulnerabilities in the last year.
  • Zscaler’s 2024 ThreatLabz VPN Risk Report highlights the need for organizations to shift towards a zero trust security architecture.

Zscaler’s annual 2024 ThreatLabz VPN Risk Report reveals that 56 percent of organizations surveyed experienced a VPN-related cyberattack. These findings emphasize the importance of moving away from traditional perimeter-based defenses and adopting a more robust zero trust security architecture. The report also shows that 78 percent of surveyed organizations plan to actively implement zero trust strategies within the next 12 months. Zscaler’s Chief Security Officer, Deepen Desai, emphasizes the critical need for enterprises to transition to a Zero Trust architecture to reduce the attack surface, enforce consistent security controls, and limit the blast radius to prevent damaging breaches.

The survey conducted by Zscaler found that 91 percent of respondents expressed concerns about VPNs as weak entry points in their IT infrastructure, especially following recent breaches that exposed the risks of relying on outdated or unpatched VPN infrastructure. The report highlights the high-profile breach and critical VPN vulnerability involving large vendor Ivanti earlier this year as a clear indication that companies should move towards a zero trust model. Additionally, the survey revealed that a majority of impacted enterprises, breached via VPN vulnerabilities, experienced threat actors moving laterally on the network, indicating significant containment failures after the initial compromise.

Zscaler strongly recommends the adoption of a Zero Trust architecture to help minimize the blast radius and mitigate risks from VPN vulnerabilities. A zero trust architecture, as outlined in the report, will assist enterprises in minimizing the attack surface, preventing compromise, and eliminating lateral movement. The findings from Zscaler’s report underscore the growing imperative for organizations to prioritize cybersecurity measures and shift towards a zero trust security approach to safeguard against evolving cyber threats.

