87% SaaS CISOs Experienced Browser-borne Attacks in 2022: Survey Reveals

While the massive shift to SaaS apps has begun more than a decade ago, CISOs are still struggling to address the security debt they incurred. Threats like phishing and account takeover pose alarming risks, with most organizations having been attacked in the past year.

Yet, existing network-based solutions like firewalls, proxies, and  CASBs, fail to deliver the protection the SaaS environment requires.

Critical gaps in existing solutions' capabilities, security architecture that doesn’t recognize the browser as a prominent, standalone attack surface, as well as low resilience to web-borne threats, are among the findings of a new global survey just released by LayerX.

150 CISOs across multiple geographies and verticals were polled about their security practices across various disciplines that ultimately come down to securing users, data, and applications within the browser: secure SaaS access, SaaS security and data protection, BYOD, phishing protection, and browser security posture.

Respondents’ answers were classified according to their architecture: all-SaaS, hybrid, and mostly on-prem, showing how the relative importance of the browser increases with respect to the level of the organization’s SaaS adoption.

The main findings include:

• Organizations in the cloud are exposed to web-borne attacks. 87% of all-SaaS adopters and 79% of CISOs in a hybrid environment experienced a web-borne security threat in the past 12 months.
• Account takeover is a top concern. 48% list credential phishing as the riskiest browser threat. Followed by malicious browser extensions (37%), malware download (9%), and browser vulnerabilities (6%).
• Unsanctioned apps and shadow identities are perceived as unaddressed security gaps. 95% of organizations have a coverage level of 50% or less for unsanctioned apps.
• Most organizations employ at least two security measures to combat phishing attacks. 79% employ network security tools, like firewalls and SWGs.
• Both all-SaaS and hybrid organizations use network solutions to block phishing, but realize this is not an efficient strategy. 80% have a coverage level of 50% or less.

Incidentally, browser security controls are not perceived as efficient enough, with more than half rating them as efficient to “Some extent”. Luckily, there is a healthy trend towards investing in a browser security solution.

Most are leaning towards a browser security solution that can be deployed with commercial browsers that are already in use.

“This is the first time such an all-encompassing survey has been conducted about browser security,” said Or Eshed, CEO of LayerX. “With the browser being the key work interface in the modern environment, our hope is that these survey results help CISOs address web-borne threats and mitigate SaaS-related risks.”

About LayerX

LayerX Browser Security Platform was purpose-built to monitor, analyze, and protect against web-borne cyber threats and data risks. Delivered as an enterprise browser extension, LayerX natively integrates with any browser, transforming it into the most secure and manageable workspace – while maintaining a top user experience. Using LayerX, organizations gain comprehensive protection against all browsing risks and threats that either target the browser directly or attempt to utilize it as a bridge to the organization’s devices, apps, and data.

Led by seasoned veterans of IDF cyber units and the cybersecurity industry, LayerX is reshaping the way cybersecurity is practiced and managed by making the browser a key pillar in enterprise cybersecurity.

Visit their website to learn more.