VPN appliances have become a source of pain rather than a robust security control. You can see why Google Apps and Microsoft 365 are attractive to many businesses as a way of removing the need for VPNs…:
[…] Many organisations may be unaware this is an issue they need to think about – meaning patches aren’t being applied, and VPN servers remain open to compromise. “For many organisations we’ve talked to, it’s the first time they’ve had such an incident, so they’re not on the lookout for it,” said Vanautgaerden.
To remain robust against cyber attacks, organisations should apply security patches as soon as possible. Not being able to use VPNs for a short time while the updates are applied isn’t ideal, but it’s better than having to uproot the entire network after a full-scale breach.