The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks.
In light of this significant challenge, how are CISOs responding?
LayerX, a browser security platform provider, has polled more than 150 CISOs across multiple verticals and geolocations. The survey asked them about their security practices for SaaS access, BYOD, phishing, browser data loss and browser security. The results of this extensive poll can be found in the report "2023 Browser Security Survey". In this article, we present a taste of the report. You can read all the results and analysis here.
- Organizations in the cloud are exposed to web-borne attacks. 87% of all-SaaS adopters and 79% of CISOs in a hybrid environment experienced a web-borne security threat in the past 12 months.
- Account takeover is a top concern. 48% list credential phishing as the riskiest browser threat, followed by malicious browser extensions (37%), malware download (9%), and browser vulnerabilities (6%).
- Unsanctioned apps and shadow identities are perceived as unaddressed security gaps. 95% of organizations have a coverage level of 50% or less for unsanctioned apps.
- Most organizations employ at least two security measures to combat phishing attacks. 79% employ network security tools, like firewalls and SWGs.
- Both all-SaaS and hybrid organizations use network solutions to block phishing, but realize this is not an efficient strategy. 80% have a coverage level of 50% or less.
Figure: Example finding from the report
What These Findings Mean
The interesting results of the survey have led LayerX analysts to conclude that while SaaS adoption is (unsurprisingly) on the rise, CISOs are still struggling to solve the security debt created by the transition to the cloud. Threats like phishing, account takeover and unsanctioned apps are top concerns for CISOs, who are looking for solutions that can mitigate them.
However, existing network solutions aren't able to provide adequate security. This is because solutions used by on-prem organizations, such as device trust, CASB or network proxies, lose effectiveness once the organization transitions to the cloud. As a result, in most companies they are not implemented across all environments. In addition, popular solutions like MFA also aren't able to deliver on their promise.
So what can CISOs do? Since the problem stems from the browser, it requires a browser security solution.