Technology

Browser-based attacks hit 95% of enterprises — and traditional security tools never saw them coming

3 2 minutes read
Browser-based attacks hit 95% of enterprises — and traditional security tools never saw them coming
Browser based attacks hit 95 of enterprises — and traditional security.png

The threat of browser-based attacks is a growing concern for organizations worldwide. Despite having robust security measures in place, 95% of organizations experienced browser-based attacks last year, according to Omdia research. Recent campaigns like ShadyPanda, Cyberhaven, and Trust Wallet have highlighted the dangers posed by these attacks, which often go unnoticed by traditional security tools.

Attackers are exploiting trusted browser sessions to bypass perimeter defenses and launch attacks from within. This trend has prompted security experts like Sam Evans, CISO of Clearwater Analytics, to emphasize the importance of implementing security controls at the browser level. With users spending a significant amount of time in their browsers, securing this environment has become crucial for protecting sensitive data and preventing breaches.

Elia Zaitsev, CTO of CrowdStrike, explains that modern adversaries are focusing on exploiting valid identities, tokens, and access within trusted browser sessions. Traditional security architectures are not equipped to detect or prevent these types of attacks, as they were designed to inspect traffic before authentication, not behavior after access is granted.

Browser-layer controls have emerged as a key defense against browser-based attacks. By implementing browser-layer controls, organizations can reduce their exposure to threats and mitigate the risks associated with browser extensions and GenAI tools. These controls allow for real-time monitoring of browser behavior, enabling security teams to detect and respond to suspicious activities before they escalate.

The rise of GenAI tools and the surge in browser-based data loss incidents further underscore the need for enhanced browser security measures. Organizations must prioritize visibility and control within live browser sessions to prevent data exfiltration and unauthorized access to sensitive information.

As vendors continue to invest in browser security solutions, organizations are faced with the decision of whether to replace existing browsers with purpose-built solutions or layer security controls on top of existing browsers. Both approaches have their advantages, but the key is to tie browser activity to identity, endpoint, and SOC workflows to enhance security posture and mitigate the risks associated with browser-based attacks.

In conclusion, securing the browser environment is essential for protecting sensitive data and preventing breaches. By implementing browser-layer controls, organizations can reduce their exposure to threats and ensure a more secure browsing experience for users. With the threat landscape constantly evolving, it is crucial for organizations to stay ahead of attackers by implementing robust security measures at the browser level.

Tags
3 2 minutes read

Related Articles

F1 on Apple TV: How to Watch Australian Grand Prix 2026

F1 on Apple TV: How to Watch Australian Grand Prix 2026

6 hours ago
The Suri 2.0 Electric Toothbrush is Out in a New, Spring-ready Colourway

The Suri 2.0 Electric Toothbrush is Out in a New, Spring-ready Colourway

12 hours ago
How to Make a Mobile App: The Complete Step-by-Step Guide

How to Make a Mobile App: The Complete Step-by-Step Guide

18 hours ago
Nothing Phone (4a): Release Date, Price & Specs

Nothing Phone (4a): Release Date, Price & Specs

24 hours ago
Back to top button