As the adoption of SaaS continues to soar, the browser has become the key work interface in today’s corporate world. However, this heavy reliance on browsers also exposes organizations to a range of cybersecurity threats and operational risks they need to protect against. To gain insights into how CISOs are managing these security challenges, we went straight to the source – and asked them.
The result? An extensive report by LayerX based on surveys of 150 CISOs spanning multiple verticals and geolocations. The questions we asked covered security practices for a wide range of topics, including SaaS access, SaaS security, BYOD, phishing, browser data loss and browser security.
In this blog post, we present the main highlights of the survey. To read the full report with more details, answers, and above all, insights, click here.
6 Key Cybersecurity Findings from the 2023 Browser Security Survey Report
As a CISO, you can use the following critical findings from the report to inform your security strategy.
1. SaaS Adoption Shows No Signs of Slowing Down
SaaS adoption levels are continuing to rise among organizations. More than one third, 39%, of CISOs surveyed had already adopted an all-SaaS environment. Another 13% were working in a hybrid environment. This means that more than half of organizations hold valuable data in the cloud. No surprise here, just a need for CISOs to take these changes into account when building their security stack.
2. Account Takeover is a Top Concern
With SaaS come SaaS vulnerabilities. 48% of CISOs working for all-SaaS or hybrid organizations list ‘credential phishing’ as their riskiest browser threat. 37% name ‘malicious browser extensions’ instead. Both of these risks could result in account takeovers, either by tricking the victim into sharing credentials or by exfiltrating the passwords stored in the browser.
3. One is the Loneliest Number
Phishing and malware threats are taken seriously by CISOs. Most organizations employ at least two security measures to combat phishing and malware attacks. These include network security (79%), browser isolation (62%), and email security (35%).
4. Gone are the Days of Network Solutions?
SaaS environments have created a security debt CISOs are still struggling to solve. As seen in finding #3, CISOs in all-SaaS and hybrid organizations use network solutions to block phishing. However, they realize this is not an efficient strategy. 80% of respondents report a security coverage level of 50% or less from such solutions, which are intended to prevent users from accessing malicious web pages. This is an apparent gap that must be addressed.
5. 87% of SaaS Organizations Experienced Web-borne Cyber Attacks
Most organizations that have adopted SaaS were exposed to web-borne attacks in the past 12 months. On top of the 87% of all-SaaS organizations, 78% of hybrid organizations were subject to these attacks as well. The concerns of CISOs regarding their ability to protect their environments are well justified.
6. Unsanctioned SaaS Apps are a Key Challenge
A whopping 95% (!) of organizations have a coverage level of 50% or less for unsanctioned/shadow SaaS apps. These apps are one of the key challenges cloud-first organizations face. Since IT and security teams cannot govern them, these apps are highly susceptible to compromise and data loss, which creates a visibility and security gap.
Read the Complete 2023 Browser Security Survey
LayerX conducted the survey to furnish CISOs with valuable insights into the browser security challenges that their colleagues are encountering. With these findings, CISOs can identify the areas that are relevant to their own circumstances.
Read the entire survey for more relevant stats and insights, for example:
- Levels of access control implementation and coverage
- CASB adoption levels and usage
- How to secure unsanctioned apps
- Managing BYOD
- Protection from phishing
- Preventing data loss
- Browser security usage
- And more
Read the full report here