
Browsers serve as the primary interface between on-premises environments, the cloud, and the modern enterprise web. As such, browsers are also exposed to various types of cyber threats and operational risks.
How are CISOs responding in light of this critical challenge?
Browser security platform provider LayerX surveyed over 150 CISOs across multiple industries and geographic locations. They asked about security practices around SaaS access, BYOD, phishing, browser data loss, and browser security. The results of this extensive survey can be found in our report, 2023 Browser Security Survey. This article offers a taste of the report. You can read all the results and analysis here.
Key highlights
- Organizations in the cloud are under attack via the web. 87% of all SaaS adopters in hybrid environments and 79% of CISOs experienced a web-borne security threat in the last 12 months.
- Account takeover is a top concern. 48% cite credential phishing as the most dangerous browser threat. This is followed by malicious browser extensions (37%), malware downloads (9%) and browser vulnerabilities (6%).
- Unsanctioned apps and shadow identities are recognized as unaddressed security gaps. 95% of organizations have coverage levels of 50% or less for unsanctioned apps.
- Most organizations employ at least two security measures to combat phishing attacks. 79% employ network security tools such as firewalls and SWGs.
- Both all-SaaS and hybrid organizations use network solutions to block phishing, but recognize that this is not an efficient strategy. 80% have coverage levels below 50%.
[Figure: Examples of findings from the report]
Read the full report and its recommendations here.
What these findings mean
An interesting finding from the study suggests that while SaaS adoption is (understandably) increasing, CISOs are still struggling to resolve the security debt created by moving to the cloud. Threats like phishing, account takeover, and unsanctioned apps are top concerns for CISOs, who are looking for solutions that can mitigate them.
However, existing network solutions cannot provide the needed security. This is because solutions used by on-premises organizations, such as device trust, CASB, and network proxies, become ineffective when organizations move to the cloud. As a result, most companies do not implement them in all environments. Moreover, common solutions such as MFA also fail to deliver the desired results.
So what can CISOs do? Because the problem comes from the browser, we need a browser security solution.
