Guidelines for Organizations on Protecting Against Cyber Threats through the use of Virtual Private Networks (VPN)
1
Issued Date
2025-01-01
Resource Type
Scopus ID
2-s2.0-105031160527
Journal Title
Proceedings 9th International Conference on Information Technology Incit 2025
Start Page
215
End Page
221
Rights Holder(s)
SCOPUS
Bibliographic Citation
Proceedings 9th International Conference on Information Technology Incit 2025 (2025) , 215-221
Suggested Citation
Khantamonthon N., Patpituck P., Chimmanee K. Guidelines for Organizations on Protecting Against Cyber Threats through the use of Virtual Private Networks (VPN). Proceedings 9th International Conference on Information Technology Incit 2025 (2025) , 215-221. 221. doi:10.1109/InCIT66780.2025.11276011 Retrieved from: https://repository.li.mahidol.ac.th/handle/123456789/115518
Title
Guidelines for Organizations on Protecting Against Cyber Threats through the use of Virtual Private Networks (VPN)
Author(s)
Author's Affiliation
Corresponding Author(s)
Other Contributor(s)
Abstract
The increasing use of Virtual Private Networks (VPN) among organizations and industrial facilities has effectively addressed the demand for secure and convenient access to systems and data. However, reliance on VPNs introduces significant cyber threat risks, particularly ransomware attacks, which can encrypt critical information and render it inaccessible. This research aims to develop strategies for mitigating ransomware risks within VPN environments through a mixed-methods approach. This includes analyzing four cases of ransomware attacks using the 2SMatrix and identifying preventive measures using the NIST Cybersecurity Framework, complemented by focused discussions on specific issues. The findings reveal that, despite the implementation of robust NIST-compliant protective measures, human errors remain a significant concern, leading to the incorporation of the IT governance framework (COBIT) as an additional safeguard to enhance cybersecurity protection, such as the creation of a comprehensive VPN policy and the assessment and monitoring of policy compliance with NIST security standards. The novelty of this study lies in the introduction of the 2SMatrix framework, which provides a structured and VPN-specific approach to ransomware analysis, distinguishing it from broader threat modeling tools.