2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots

March 2, 2023 | Hacker News | Browser Security

As the primary working interface, browsers play a vital role in today’s corporate environment. Employees use a browser all the time to access websites, SaaS applications, and internal applications from both managed and unmanaged devices. A new report from browser security vendor LayerX shows that attackers are exploiting this reality, and the number of attackers is growing (download the report here).

Key report findings

  1. More than half of all browsers in enterprise environments are improperly configured. Compromising a properly configured browser is nearly impossible, but stealing data from a misconfigured browser is like taking candy from a baby. The top misconfigurations were improper use of personal browser profiles on work devices (29%), improper patching routines (50%), and use of corporate browser profiles on unmanaged devices.
  2. 3 out of 10 SaaS applications are non-enterprise shadow SaaS, and no SaaS detection/security solution can address that risk. Shadow SaaS and, beyond that, shadow identities are the number one cause of enterprise data loss. Existing data security tools (whether traditional DLP or DSPM) have no access to or control over what employees can do in their personal applications.
  3. Attackers employ evasive attack techniques that neither email nor network security tools can detect. Advanced attack techniques via the browser, such as using SaaS applications to distribute malware and exploiting reputable sites for phishing, have become threat commodities.
  4. Traditional security tools miss more than half of these attack vectors at zero hour. Targeted browser attacks are the leading cause of enterprise breaches.
  5. Most browser risks can lead to identity theft. Weak passwords, misconfigurations, and SaaS security issues all revolve around digital identities. These depressing survey results outline the main pain points. In short, digital identities remain the Achilles heel of the enterprise.

The report also details the top browser security threats for 2022. These include phishing attacks via reputable domains, malware distribution via file-sharing systems, data leaks exploiting personal browser profiles, outdated browsers, compromised passwords, vulnerable unmanaged devices, high-risk extensions, shadow IT, and account takeover with phished credentials.

This report provides statistics and analysis of notable threats, as well as a look back at the major news stories that left their mark on the world of browser security in 2022. Internet Explorer vulnerabilities and the infamous LastPass customer data breach are highlighted.

A new perspective on browser security

The usefulness and value of this report are two-fold. Readers will gain knowledge about a new emerging security category: browser security. It also encourages readers to ask themselves whether they are familiar with the risks and trends in the report and whether they have safeguards in place to detect and prevent those threats.

This report can provide a new perspective on browser security risks (and opportunities). It provides insight into how employees use their browsers, which browser-related vulnerabilities can be exploited, and recommendations for addressing them. The report combines original research based on data points from within LayerX’s own environment with analysis of publicly available information.

The report’s recommendations can be used by security professionals as a reference point when assessing security stacks and budgeting. As corporate environments continue to rely heavily on browsers as their primary work interface, it is important to be aware of the risks associated with browser misuse and take steps to protect against these threats.

Read the full report for more insights and details on the 2022-3 browser security landscape.
