The browser blind spot: Hidden security risks behind employee web activity

Companies are embracing web-based software as a service (SaaS) applications for various benefits – yet with cybersecurity risks.

Google contends the US is overreaching by asking a federal judge to order it to sell its popular Chrome web browser - Copyright GETTY IMAGES NORTH AMERICA/AFP Brandon Bell

Web-based threats are a key cybersecurity concern, and recent headlines on malicious browser extensions have highlighted that the browser has become an attack vector. However, according to Andrius Buinovskis, a cybersecurity expert at NordLayer, these are not the only threats security teams need to watch out for, since dangerous employee activity can result in data leaks, GDPR violations, and industry secret disclosure.

According to Buinovskis, organizations are embracing the shift to a web-based environment. However, with limited observability and control over what employees are doing, the browser has created a security blind spot, often allowing dangerous activity to go undetected.

Enterprise reliance on browsers is growing, and so are the associated risks stemming from dangerous employee web behaviour. Research has found that 80 percent of employees can complete 80 percent of their work tasks using the browser. While the shift to the browser can increase productivity and collaboration by speeding up processes, this is also accompanied by risks.

“Companies are embracing web-based software as a service (SaaS) applications for various benefits, such as cost reduction and increased efficiency. However, due to increasing dependency, the browser is becoming a significant cybersecurity concern,” says Buinovskis in a statement provided to Digital Journal.

He continues: “Aside from attracting the attention of cybercriminals, it’s also become a hub for insider threats or employee error, which can result in devastating security breaches. The most concerning element is the lack of observability security teams might have into employee activity in the browser, creating an alarming blind spot.”

Can security teams see what employees are doing in the browser?

According to Buinovskis, if employees use a traditional browser, security teams have some observability into what people do in the browser, but it is limited. Solutions like ADR (automated detection and response) and XDR (extended detection and response) can incorporate TLS (transport layer security) inspection and provide extensive activity monitoring and security capabilities. However, they require significant financial and human resources to implement and maintain. The hefty price tag might deter small to medium-sized businesses from the investment, exposing them to browser-based threats.

“Traditional browsers are not built with security and observability in mind — their primary target is to provide a user-friendly interface. These capabilities are more or less sufficient for personal use but are inadequate to safeguard a business,” Buinovskis explains. “Even if a company has an extensive cybersecurity strategy and a large team of security experts at their disposal, the lack of built-in security and monitoring features in a traditional browser still leaves them vulnerable and more likely to experience a safety incident.”

The most dangerous threats to look out for

According to Buinovskis, the most dangerous threats that can result from employee activity in the browser include:
• Data exfiltration. Ill-intended employees can use the browser’s limited observability to steal confidential company information, such as industry secrets or client data stored on web-based apps, and share it through email or social media without being detected.
• Installing unauthorized browser extensions. Some of these extensions are malicious and prey on unsuspecting users to collect sensitive data, modify browser behavior, and create security vulnerabilities. If a company uses a traditional browser, it’s challenging to monitor and control which extensions employees can download and to minimize the risk of them installing malicious add-ons.
• Engaging with unauthorized browser-based applications (shadow IT). Not all web-based SaaS applications are safe to use — some might have significant security vulnerabilities, resulting in data leaks or compliance violations. Without proper monitoring, these applications can go undetected, expanding the scope of unmanaged apps (shadow IT).
• Other insider threats. The traditional browser’s lack of observability and behavioral analytics makes it easier for malicious employees to fly under the radar and access sensitive data or converse with third parties. Depending on the scope, these actions can have dire consequences, such as industry secrets ending up in the hands of the competition.

“To safeguard against browser-based threats, companies need to invest in building and maintaining a comprehensive cybersecurity strategy that would provide a higher level of observability into employees’ activity on the browser or opt for browsers with built-in monitoring and security features,” Buinovskis recommends.

Buinovskis highlights that cybersecurity awareness training for employees is also a worthwhile investment. It helps to minimize the possibility of user error, such as interacting with unauthorized apps or downloading malicious browser extensions.

He further advises: “However, it’s worth noting that even with comprehensive cybersecurity measures, monitoring browser usage across an organization remains challenging if it lacks built-in security features. This gap allows certain user activity to go undetected.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
