Browsers serve as the main interface between on-premises, cloud and web environments in the modern enterprise. Therefore, browsers are also exposed to various types of cyber threats and operational risks.
Given these significant challenges, how will CISOs respond?
LayerX, provider of the Browser Security platform, has surveyed more than 150 CISOs across multiple verticals and geolocations. They asked about their security practices for SaaS access, BYOD, phishing, browser data loss, and browser security. The results of this extensive poll can be found in the report “Browser Security Survey 2023”. In this article, we present the report. You can read all the results and analysis here.
- Organizations in the cloud are exposed to web-borne attacks. 87% of all SaaS adopters and 79% of CISOs in hybrid environments experienced web-borne security threats in the past 12 months.
- Account takeovers are a major concern. 48% listed credential phishing as the riskiest browser threat, followed by malicious browser extensions (37%), malware downloads (9%) and browser vulnerabilities (6%).
- Unapproved apps and shadow identities are considered unaddressed security holes. 95% of organizations have a coverage rate of 50% or less for unapproved applications.
- Most organizations use at least two security measures to combat phishing attacks. 79% use network security tools, such as firewalls and SWGs.
- Both all-SaaS and hybrid organizations use network solutions to block phishing, but recognize that this is not an efficient strategy. 80% have a coverage rate of 50% or less.
[Figure: Example of findings from the report]
What These Findings Mean
The survey results have led LayerX analysts to conclude that, although SaaS adoption is (unsurprisingly) on the rise, CISOs are still struggling to address the security debt created by the transition to the cloud. Threats such as phishing, account takeovers and unapproved applications are a major concern for CISOs, who are looking for solutions that can mitigate them.
However, existing network solutions do not provide the security they need. This is because solutions used by on-premises organizations, such as device trust, CASB, or network proxies, lose effectiveness once an organization transitions to the cloud. Consequently, in most companies they are not implemented in all environments. Popular solutions like MFA also don’t live up to their promises.
So what can CISOs do? Since the problem originates from the browser, a browser security solution is required.