With the browser becoming probably the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means of stealing sensitive data and accessing organizational systems.
Security leaders who are planning their security architecture require data and insights into the browser threat landscape. Recently, LayerX released the "Annual Browser Security Report 2024", providing an in-depth analysis of the evolving threat landscape for browser security.
This comprehensive report highlights the critical vulnerabilities and attack vectors that pose the greatest risks to enterprise security. It allows decision-makers and stakeholders to benchmark the security challenges of their environment so they can make actionable decisions. Below, we detail key findings from the report and a summarized list of security recommendations. We urge you to read the full report, which is rich in details, examples and additional sections we did not include in this article.
Key Findings from the Report
- Hybrid Work Risks – Unmanaged devices and personal browser profiles are leading vectors for cyber threats, like data leakage and phishing. The risk is widespread – 62% of the workforce is using unmanaged devices to access corporate data and 45% of all browsers within corporate devices use personal profiles.
- Browser Extension Threats – 33% of all extensions within an organization pose a high risk, with 1% of installed extensions known to be malicious. The report highlights how deceptive extensions are used by attackers to hijack user data and lead users to phishing sites.
- Shadow SaaS Risks – The clandestine use of Shadow SaaS applications by employees creates significant vulnerabilities, like blind spots and in identity management.
- Identity Vulnerabilities – Shared accounts and Single Sign-On (SSO) practices lead to increased risks of unauthorized access. Incidents like the 23andMe data breach highlight the dangers of shared identities.
- Gen-AI and LLM Vulnerabilities – 7.5% of employees risk data exposure by pasting or typing sensitive information into Generative AI tools like ChatGPT. There is a significant gap in the security community in understanding the risks associated with AI tools in corporate environments.
- AI-Powered Threats – AI can be used to enhance attacks, from malware to phishing to browser extension exploitation to supply chain attacks. These threats leverage AI-driven personalization to make attacks more convincing and difficult to detect, or they use AI algorithms to improve attacking capabilities.
- Unpatched Vulnerabilities – Unpatched vulnerabilities in browsers pose a significant risk. There are differences in patching times among browsers.
Recommendations for Security Leaders
To combat these threats, the report's analysts recommend a multifaceted approach:
- Update browsers regularly and push security patches promptly to mitigate risks from outdated software.
- Restrict unauthorized extensions and regularly review permissions to prevent data theft.
- Train employees to identify and report suspicious emails and websites.
- Implement conditional access controls and promote clear BYOD policies to secure personal devices used for work.
- Implement MFA and educate employees on password hygiene to enhance account security.
- Implement secure configurations and the whitelisting of extensions.
- Restrict access to sensitive data based on user roles.
- Use advanced tools to detect and analyze browser data for threats, ensuring proactive threat mitigation.
Read the Report
The Annual Browser Security Report is a critical resource for security leaders seeking to understand and mitigate browser-based risks. By adopting the recommended strategies, organizations can strengthen their defense against the increasingly sophisticated threats targeting browsers. For further insights, best practices and predictions, read the report here.