With the browser changing into essentially the most prevalent workspace within the enterprise, it’s also turning into a well-liked assault vector for cyber attackers. From account takeovers to malicious extensions to phishing assaults, the browser is a way for stealing delicate knowledge and accessing organizational programs.
Safety leaders who’re planning their safety structure require knowledge and insights into the browser risk panorama. Lately, LayerX launched the “Annual Browser Safety Report 2024“, offering an in-depth evaluation of the evolving risk panorama for browser safety.
This complete report highlights the important vulnerabilities and assault vectors that pose the best dangers to enterprise safety. It permits decision-makers and stakeholders to benchmark the safety challenges of their atmosphere to allow them to make actionable choices. Beneath, we element key findings from the report and a summarized record of safety suggestions. We urge you to learn your complete report, which is wealthy in particulars, examples and extra sections we didn’t embrace on this article.
Key Findings from the Report
- Hybrid Work Dangers – Unmanaged units and private browser profiles are major vectors for cyber threats, like knowledge leakage and phishing. The chance is widespread – 62% of the workforce is utilizing unmanaged units to entry company knowledge and 45% of all browsers inside company units use private profiles.
- Browser Extension Threats – 33% of all extensions inside a corporation pose a excessive threat, with 1% of put in extensions identified to be malicious. The report highlights how misleading extensions are utilized by attackers to hijack consumer knowledge and lead customers to phishing websites.
- Shadow SaaS Dangers – The clandestine use of Shadow SaaS functions by workers creates vital vulnerabilities, like blind spots and in id administration.
- Id Vulnerabilities – Shared accounts and Single Signal-On (SSO) practices result in elevated dangers of unauthorized entry. Incidents just like the 23andMe knowledge breach spotlight the hazards of shared identities.
- Gen-AI and LLM Vulnerabilities – 7.5% of workers threat knowledge publicity by pasting or typing delicate info into Generative AI instruments like ChatGPT. There’s a important hole within the safety group in understanding the dangers related to AI instruments in company environments.
- AI-Powered Threats – AI can be utilized to boost assaults, from malware to phishing to browser extension exploitation to produce chain assaults. These threats leverage AI-driven personalization to make assaults extra convincing and troublesome to detect, or they use AI algorithms to enhance attacking capabilities.
- Unpatched Vulnerabilities – Unpatched vulnerabilities in browsers pose a big threat. There are variations in patching occasions amongst browsers.
Suggestions for Safety Leaders
To fight these threats, the report’s analysts suggest a multifaceted method:
- Replace browsers recurrently and push safety patches promptly to mitigate dangers from outdated software program.
- Prohibit unauthorized extensions and recurrently evaluate permissions to forestall knowledge theft.
- Practice workers to determine and report suspicious emails and web sites.
- Implement conditional entry controls and promote clear BYOD insurance policies to safe private units used for work.
- Implement MFA and educate workers on password hygiene to boost account safety.
- Implement safe configurations and the whitelisting of extensions.
- Prohibit entry to delicate knowledge primarily based on consumer roles.
- Use superior instruments to detect and analyze browser knowledge for threats, making certain proactive risk mitigation.
Learn the Report
The Annual Browser Safety Report is a vital useful resource for safety leaders in search of to know and mitigate browser-based dangers. By adopting the really helpful methods, organizations can strengthen their protection towards the more and more subtle and threats concentrating on browsers. For additional insights, greatest practices and predictions, learn the report right here.
