While the massive shift to SaaS apps has begun more than a decade ago, CISOs are still struggling to address the security debt they incurred. Threats like phishing and account takeover pose alarming risks, with most organizations having been attacked in the past year. Yet, existing network-based solutions like firewalls, proxies, and  CASBs, fail to deliver the protection the SaaS environment requires. Critical gaps in existing solutions' capabilities, security architecture that doesn’t recognize the browser as a prominent, standalone attack surface, as well as low resilience to web-borne threats, are among the findings of a new global survey just released by . LayerX about their security practices across various disciplines that ultimately come down to securing users, data, and applications within the browser: secure SaaS access, SaaS security and data protection, BYOD, phishing protection, and browser security posture. 150 CISOs across multiple geographies and verticals were polled : all-SaaS, hybrid, and mostly on-prem, showing how the relative importance of the browser increases with respect to the level of the organization’s SaaS adoption. Respondents’ answers were classified according to their architecture include: The main findings Organizations in the cloud are exposed to web-borne attacks. 87% of all-SaaS adopters and 79% of CISOs in a hybrid environment experienced a web-borne security threat in the past 12 months. . 48% list credential phishing as the riskiest browser threat. Followed by malicious browser extensions (37%), malware download (9%), and browser vulnerabilities (6%). Account takeover is a top concern Unsanctioned apps and shadow identities are perceived as unaddressed security gaps. 95% of organizations have a coverage level of 50% or less for unsanctioned apps. Most organizations employ at least two security measures to combat phishing attacks. 79% employ network security tools, like firewalls and SWGs. Both all-SaaS and hybrid organizations use network solutions to block phishing, but realize this is not an efficient strategy. 80% have a coverage level of 50% or less. Incidentally, browser security controls are not perceived as efficient enough, with more than half rating them as efficient to “Some extent”. Luckily, there is a healthy trend towards investing in a browser security solution. Most are leaning towards a browser security solution that can be deployed with commercial browsers that are already in use. “This is the first time such an all-encompassing survey has been conducted about browser security,” said Or Eshed, CEO of LayerX. “With the browser being the key work interface in the modern environment, our hope is that these survey results help CISOs address web-borne threats and mitigate SaaS-related risks.” About LayerX LayerX Browser Security Platform was purpose-built to monitor, analyze, and protect against web-borne cyber threats and data risks. Delivered as an enterprise browser extension, LayerX natively integrates with any browser, transforming it into the most secure and manageable workspace – while maintaining a top user experience. Using LayerX, organizations gain comprehensive protection against all browsing risks and threats that either target the browser directly or attempt to utilize it as a bridge to the organization’s devices, apps, and data. Led by seasoned veterans of IDF cyber units and the cybersecurity industry, LayerX is reshaping the way cybersecurity is practiced and managed by making the browser a key pillar in enterprise cybersecurity. Visit to learn more. their website This story was distributed as a release by Cyber Wire under HackerNoon’s Brand As An Author Program. Learn more about the program . here

This is a PR written by or for the company mentioned within it. The writer has a vested interest in the company and products mentioned within.

Memcyco is Preventing Brandjacking and Deterring Digital Impersonation Fraud

Sign Up for Free

87% SaaS CISOs Experienced Browser-borne Attacks in 2022: Survey Reveals

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

1inch Partners With Blockaid To Enhance Web3 Security Through The 1inch Shield

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

1inch Partners With Blockaid To Enhance Web3 Security Through The 1inch Shield

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps