The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks.
LayerX, a browser security platform provider, has polled more than 150 CISOs across multiple verticals and geolocations, asking about their security practices for SaaS access, BYOD, phishing, browser data loss and browser security. The results of this extensive poll can be found in the report “2023 Browser Security Survey”. In this article, we bring a taste of the report.
- Organizations in the cloud are exposed to web-borne attacks. 87% of all-SaaS adopters and 79% of CISOs in a hybrid environment experienced a web-borne security threat in the past 12 months.
- Account takeover is a top concern. 48% list credential phishing as the riskiest browser threat, followed by malicious browser extensions (37%), malware download (9%), and browser vulnerabilities (6%).
- Unsanctioned apps and shadow identities are perceived as unaddressed security gaps. 95% of organizations have a coverage level of 50% or less for unsanctioned apps.
- Most organizations employ at least two security measures to combat phishing attacks. 79% employ network security tools, like firewalls and SWGs.
- Both all-SaaS and hybrid organizations use network solutions to block phishing, but realize this is not an efficient strategy. 80% have a coverage level of 50% or less.

However, existing network solutions aren’t able to provide a secure means. This is because solutions used by on-prem organizations, such as device trust, CASB or network proxies, lose effectiveness once the organization transitions to the cloud. As a result, in most companies they are not implemented across all environments. In addition, popular solutions like MFA also aren’t able to deliver on their promise.
Source: https://thehackernews.com/