Guidelines for Organizations on Protecting Against Cyber Threats through the use of Virtual Private Networks (VPN)

Abstract

The increasing use of Virtual Private Networks (VPN) among organizations and industrial facilities has effectively addressed the demand for secure and convenient access to systems and data. However, reliance on VPNs introduces significant cyber threat risks, particularly ransomware attacks, which can encrypt critical information and render it inaccessible. This research aims to develop strategies for mitigating ransomware risks within VPN environments through a mixed-methods approach. This includes analyzing four cases of ransomware attacks using the 2SMatrix and identifying preventive measures using the NIST Cybersecurity Framework, complemented by focused discussions on specific issues. The findings reveal that, despite the implementation of robust NIST-compliant protective measures, human errors remain a significant concern, leading to the incorporation of the IT governance framework (COBIT) as an additional safeguard to enhance cybersecurity protection, such as the creation of a comprehensive VPN policy and the assessment and monitoring of policy compliance with NIST security standards. The novelty of this study lies in the introduction of the 2SMatrix framework, which provides a structured and VPN-specific approach to ransomware analysis, distinguishing it from broader threat modeling tools.