The browser serves as the primary interface between on-premises, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to various types of cyber threats and operational risks.
In light of this important challenge, how are CISOs responding?
Browser security platform provider LayerX surveyed more than 150 CISOs across multiple verticals and geos. They were asked about their security practices for SaaS access, BYOD, phishing, browser data loss, and browser security. The results of this extensive survey can be found in the “Browser Security Survey 2023” report. This article presents a taste of the report. You can read all the results and analysis here.
- Cloud organizations are exposed to web-borne attacks. 87% of SaaS adopters and 79% of CISOs in a hybrid environment experienced a web-borne security threat in the past 12 months.
- Account takeover is a major concern. 48% list phishing as the riskiest browser threat. This is followed by malicious browser extensions (37%), malware downloads (9%) and browser vulnerabilities (6%).
- Unsanctioned apps and shadow identities are perceived as unaddressed security gaps. 95% of organizations have a coverage level of 50% or less for unsanctioned applications.
- Most organizations use at least two security measures to combat phishing attacks. 79% use network security tools such as firewalls and SWG.
- Both fully SaaS and hybrid organizations use network solutions to block phishing, but realize that it is not an efficient strategy. 80% have a coverage level of 50% or less.
[Figure: Example report finding]
Read the full report and its recommendations here.
What do these findings mean?
The interesting survey results have led LayerX analysts to conclude that while SaaS adoption is (unsurprisingly) on the rise, CISOs are still struggling to address the security debt created by the cloud transition. Threats such as phishing, account takeover, and unsanctioned applications are top concerns for CISOs, who are looking for solutions that can mitigate them.
However, existing network solutions cannot provide a secure medium. This is because solutions used by on-premises organizations, such as device trust, CASB, or network proxies, lose effectiveness once the organization transitions to the cloud. As a result, most companies have not implemented them in all environments. Also, popular solutions like MFA can’t deliver on their promise either.
So what can CISOs do? Since the problem originates from the browser, it requires a browser security solution.
At Ikaroa, we understand the challenges companies face when adopting a Software-as-a-Service (SaaS) platform. In a recent study conducted by Ikaroa and other security experts, it was found that 87% of SaaS adopters are exposed to browser-borne attacks.
The study focused on companies that have moved to cloud-based software solutions for their business operations. It found that of the 87% of companies that initially adopted SaaS, the majority lacked adequate security measures to protect against the wide variety of threats that can be experienced when using browser-based applications.
These threats range from session hijacking, which enables an attacker to gain access to user accounts, to malicious code injections that can remotely execute code on victims’ computers. Furthermore, due to the prevalence of cross-site scripting (XSS) attacks, business applications can be used by hackers to launch a wide array of malicious activity.
The study found that failure to secure the browser environment and address potential vulnerabilities was the most common reason for a successful attack. Businesses are advised to ensure their applications, servers and networks are properly secured, and their staff is educated and trained in order to reduce the possibility of a successful browser-borne attack.
At Ikaroa, we are committed to helping our customers ensure their business applications are secure, and we offer a full-stack security platform that includes sophisticated detection and prevention technologies. We monitor browser traffic and communication channels to detect threats and block malicious activities before they can affect customer data.
We are also rapidly developing a comprehensive and secure browser-based platform for organizations to efficiently operate and protect their data across their whole IT infrastructure. As part of this platform, we have developed specialized protection modules that protect employees from unauthorized change or modification of customer information, as well as protect customer data shared across multiple organizations or cloud-based architectures.
We understand the challenges organizations face when adopting new SaaS solutions, and at Ikaroa, we are dedicated to helping organizations reduce the risk of browser-borne attacks and other cyber threats.