VPN Risk Survey

Welcome to the VPN Risk Survey! As VPNs become a double-edged sword, providing essential remote access but posing security risks, we aim to reassess VPN usage and zero trust strategies.

This survey is designed to understand how organizations manage VPN infrastructure and risks, and plan for secure remote access. Your insights will help identify trends, best practices, and guide VPN strategies.

Please take time to respond below. Your responses are confidential and will become part of the VPN Risk Report in aggregate form. Thank you for your contribution; we look forward to sharing the findings.

Question Title

* 1. Does your organization currently use a VPN service? (Select one)

Yes

Question Title

* 2. What is the primary purpose for your organization's use of VPN? (Select all that apply)

Connecting multiple sites

Access for third parties

Access for remote employees

IoT/OT device connectivity

Access for unmanaged devices

On-campus access

Other (please specify)

Question Title

* 3. How often do your end-users utilize VPN? (Select one)

Daily or almost daily

4-5 times a week

2-3 times a week

Once a week

2-3 times a month

Once a month or less

Question Title

* 4. What geographies are your remote users connecting from? (Select all that apply)

North America

Europe

Asia

South America

Africa

Australia

Not sure

Question Title

* 5. Where are your private applications currently running? (Select all that apply)

Data center

Private cloud

Public cloud (Azure)

Public cloud (AWS)

Public cloud (Google)

Other (please specify)

Question Title

* 6. How many different inbound VPN gateways do you have globally? (Select one)

None

Unsure

Question Title

* 7. What is the most significant issue your organization encounters with its current VPN service? (Select one)

Difficulty integrating with other systems and services

Complex management and administration

High costs (infrastructure, licensing, maintenance, etc.)

Poor user experience (slow connections, frequent disconnections, etc.)

Scalability and flexibility limitations

Insufficient security and compliance

Other (please specify)

Question Title

* 8. How confident are you in your organization's ability to detect and mitigate VPN vulnerabilities exposing it to cybersecurity attacks? (Select one)

Extremely confident - Our organization has robust processes and tools in place to identify and address VPN vulnerabilities that could lead to cybersecurity attacks.

Very confident - We are well-prepared to handle VPN vulnerabilities, but there's always room for improvement in our cybersecurity posture.

Moderately confident - We have some measures in place, but we could be doing more to proactively identify and address VPN vulnerabilities that could lead to cybersecurity attacks.

Slightly confident - Our organization has limited resources and processes for addressing VPN vulnerabilities, and we are at risk for potential cybersecurity attacks.

Not confident at all - We lack the necessary processes and tools to effectively identify and address VPN vulnerabilities, leaving us highly vulnerable to cybersecurity attacks.

Not sure / Don't know - I don't have enough information to assess our organization's ability to identify and address VPN vulnerabilities related to cybersecurity attacks.

Question Title

* 9. What's the biggest headache in managing your VPN infrastructure? (Select one)

Playing catch-up with frequent VPN software patches and updates

Navigating the complexity and effort involved in scaling VPN infrastructure

Bearing the burden of increasing VPN infrastructure costs

Juggling VPN compatibility with various devices, operating systems, and applications

Balancing VPN performance and user experience

Constantly troubleshooting VPN connectivity and stability issues

Other (please specify)

Question Title

* 10. How concerned are you that VPN may jeopardize your ability to keep your environment secure? (Select one)

Not concerned at all

Slightly concerned

Moderately concerned

Very concerned

Extremely concerned

Question Title

* 11. How concerned are you about third parties serving as a potential backdoor for attackers into your network through their VPN access? (Select one)

Not concerned at all

Slightly concerned

Moderately concerned

Very concerned

Extremely concerned

Question Title

* 12. How concerned are you about being targeted by ransomware due to unpatched vulnerabilities? (Select one)

Not concerned at all

Slightly concerned

Moderately concerned

Very concerned

Extremely concerned

Question Title

* 13. What are you most concerned about as the primary cause of ransomware? (Select one)

Scattered Spidered

Vulnerability in externally exposed assets

Vulnerability in VDI

Nation state attack

Stolen Identity

Other (please specify)

Question Title

* 14. Which types of cyberattacks do you think are most likely to exploit your organization's VPN vulnerabilities? (Select all that apply)

Brute force attacks

Malware infections

Advanced Persistent Threats (APTs)

Distributed Denial of Service (DDoS) attacks

Remote code execution attacks

Stolen identity / credentials to gain access

Zero-day exploits

Ransomware attacks

Not sure/Don't know

Other (please specify)

Question Title

* 15. Has your organization experienced a cyberattack as a result of VPN? (Select one)

Yes

Unknown

Question Title

* 16. In the last 12 months, how often has your organization experienced an attack that took advantage of security vulnerabilities in your VPN servers? (Select one)

Never

Once

2-3 times

4-5 times

More than 5 times

Unknown

Question Title

* 17. In terms of network security, what is your organization's most significant attack surface? (Select one)

End-user devices (e.g., laptops, smartphones)

VPNs and remote access solutions

Internet of Things (IoT) devices

Email and messaging systems

Web applications and APIs

Internal network infrastructure (e.g., routers, switches)

Data center infrastructure (e.g., servers)

Cloud services and applications

Other (please specify)

Question Title

* 18. Within the past 12 months, has your network experienced an attack by a hacker who first gained access through your VPN? (Select one)

Yes, one or more attacks

No, we have not experienced any such attacks

Not sure/Don't know

Question Title

* 19. Of all the attacks your organization has experienced, what percentage involved threats spreading laterally after gaining access through VPN? (Select one)

Less than 25%

25-50%

50-75%

More than 75%

Not sure/Don't know

Question Title

* 20. Considering the growing sophistication of cyberattacks, how confident are you in your network segmentation measures to prevent lateral movement by attackers after gaining unauthorized access? (Select one)

Extremely confident - Our network segmentation measures are robust and effectively prevent lateral movement by attackers after unauthorized access.

Very confident - We have strong network segmentation measures in place, but there's always room for improvement in our security posture.

Moderately confident - We have some segmentation measures in place, but we could be doing more to prevent lateral movement by attackers after unauthorized access.

Slightly confident - Our organization has limited network segmentation measures, and we are at risk for potential lateral movement by attackers.

Not confident at all - We lack the necessary network segmentation measures to effectively prevent lateral movement by attackers after unauthorized access, leaving us highly vulnerable.

Not sure / Don't know - I don't have enough information to assess our organization's network segmentation measures and their effectiveness in preventing lateral movement by attackers.

Question Title

* 21. How difficult do you anticipate it would be to merge two networks using your existing VPN infrastructure in the event of a merger or acquisition (M&A)? (Select one)

Extremely difficult

Very difficult

Moderately difficult

Slightly difficult

Not difficult at all

Unsure/Not applicable

Question Title

* 22. Are you concerned about becoming a victim of attacks post M&A with your current VPN infrastructure? (Select one)

Yes

Question Title

* 23. How dissatisfied are your users with their VPN experience? (Select one)

Extremely dissatisfied

Very dissatisfied

Moderately dissatisfied

Slightly dissatisfied

Not dissatisfied at all

Question Title

* 24. What is the most common complaint reported by your users when accessing applications via VPN? (Select one)

Inability to connect to VPN or to access applications altogether

Slow connection speed when accessing applications

Inconsistent user experience across different devices/platforms

Complex or cumbersome VPN authentication process

Difficulty accessing applications due to authentication issues

Problems with connection drops while using VPN

Other (please specify)

Question Title

* 25. How has your organization's budget allocation for VPN infrastructure and remote access solutions changed this year compared to the previous year? (Select one)

Significantly increased

Slightly increased

Remained the same

Slightly decreased

Significantly decreased

Not sure/Don't know

Question Title

* 26. What are your plans for replacing your current VPN service? (Select one)

Already in the process of replacing our VPN service

Planning to replace our VPN service within the next 6 months

Planning to replace our VPN service within the next 12 months

Considering replacement options but no specific timeline

No plans to replace our current VPN service

Not sure/Don't know

Question Title

* 27. How big of a priority is adopting a zero trust strategy for your organization? (Select one)

Top priority

High priority

Moderate priority

Low priority

Not a priority at all

Not sure/Don't know

Question Title

* 28. What are your plans for adopting a zero trust strategy for your organization? (Select one)

Already implementing a zero trust strategy

Planning to implement a zero trust strategy within the next 6 months

Planning to implement a zero trust strategy within the next 12 months

Considering a zero trust strategy but no specific timeline

No plans to adopt a zero trust strategy

Not sure/Don't know

Question Title

* 29. Do you believe you can achieve Zero Trust security with VPNs? (Select one)

No, VPNs are anti-Zero Trust

Yes, VPN in the cloud is Zero Trust architecture

Question Title

* 30. Do you have plans to replace your current VPN solution with a Zero Trust Network Access (ZTNA) solution in the near future? (Select one)

Yes

Already have a ZTNA solution in place

Question Title

* 31. What industry is your company in? (Select one)

Agriculture, Forestry & Mining

Computers & Electronics

Consumer Services

Education & Research

Energy & Utilities

Financial Services

Government

Healthcare, Pharmaceuticals & Biotech

Manufacturing

Media & Entertainment

Non-Profit

Professional Services

Real Estate & Construction

Retail

Software & Internet

Telecommunications

Transportation & Logistics

Travel, Recreation & Leisure

Wholesale & Distribution

Other (please specify)

Question Title

* 32. What is your job title / level of seniority? (Select one)

Founder / CEO / President

CTO, CIO, CISO, CMO, CFO, COO

Vice President

Director

Manager / Supervisor

Specialist / Analyst / Coordinator

Consultant

Other (please specify)

Question Title

* 33. In what department do you work? (Select one)

IT Security

Network

Infrastructure

IT Operations

Engineering

Product Management

Sales / Marketing

Other (please specify)

Question Title

* 34. What is your primary role at your organization? (Select one)

CSO, CISO, or VP of Security

CIO

IT Manager or Director

Security Administrator

Security Analyst

Security Manager or Director

Systems Administrator

Threat Analyst

Other (please specify)

Question Title

* 35. What is the size of your company? (Select one)

< 1,000 employees

1,000-5,000 employees

5,001-20,000 employees

> 20,000 employees

Question Title

* 36. In which world region do you currently reside? (Select one)

North America

Central America & Caribbean

South America

Europe

Africa

Middle East

Asia-Pacific