Post by Expel

The UK is debating VPN age-gating. Most see a privacy story; CISOs should see a visibility gap. Identity-based attacks drove 68.6% of incidents Expel investigated in 2025. Many targeted remote access directly via unauthorized VPN applications and proxy-routed credential stuffing. While policy moves slowly, attackers certainly don’t. Our advice? Use this debate as a prompt to audit your own remote access posture. Whether or not policy changes, the threat is real and the defensive steps are the same. Read more. ⬇️