Select Page

As a primary working interface, the browser plays a significant role in today’s corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting it in increasing numbers (download report here).

The key report findings

  1. Over half of all the browsers in the enterprise environment are misconfigured. While a configured browser is nearly impossible to compromise, stealing data from misconfigured browsers is like taking candy from a baby. The Leading misconfigurations are improper use of personal browser profiles on work devices (29%), poor patching routine (50%), and the use of corporate browser profiles on unmanaged devices.
  2. 3 of every 10 SaaS applications are non-corporate shadow SaaS, and no SaaS discovery/security solution can address its risks. Shadow SaaS, and more than that, shadow identities, are the number one source for enterprise data loss. No existing data security tool (whether it being a traditional DLP or a DSPM) has access or control to what employees can do on their own personal applications.
  3. Attackers adopt evasive attack techniques that neither email security nor network security tools can detect. Advanced browser-borne attack techniques, such as the use of SaaS applications to distribute malware or abusing high-reputation sites for phishing, have become a threat commodity.
  4. Traditional security tools miss over half of those attack vectors at zero hour, making targeted browser attacks into a leading cause for enterprise breaches.
  5. Most browser risks may lead to identity theft. Weak passwords, misconfigurations and SaaS security issues all circulate around the digital identity. This depressing finding outlines a main pain point – the digital identities are still the corporate Achilles heel.

images from Hacker News