Half of browser extensions pose a high risk to business
As businesses increasingly turn to SaaS applications in order to streamline their operations and facilitate hybrid working, a new report reveals the risks that can be posed to these apps by browser extensions.
The study from Spin.AI shows almost 51 percent of browser extensions pose a high risk to data stored in Google Workspace and Microsoft 365, and 44 percent pose a medium risk.
"In an era marked by the rapid proliferation of SaaS applications, businesses are navigating uncharted digital terrain," says Dmitry Dontov, CEO of Spin.AI. "This report shines a light on a critical yet often underestimated facet of this landscape -- browser extensions. These seemingly innocuous tools can harbor significant security risks to SaaS data, demanding a closer look. Our findings reveal an urgent call to action for organizations to take a proactive stance in safeguarding their digital assets."
Of over 300,000 extensions and third-party OAuth applications analyzed by Spin.AI, a startling 42,938 extensions have unknown authors and are registered to a personal email account -- a potential gateway for malicious intent. These anonymous extensions, combined with the sheer volume of extensions being used by organizations, create an expanding threat landscape.
In order to reduce the risk it's recommended that organizations maintain a real-time inventory of extensions and SaaS applications to assess their operational, security, privacy, and compliance risks. They should continuously assess and secure extensions and applications, identifying potential security risks, and establish and enforce policies based on third-party risk management frameworks, tailored to the dynamic nature of extensions and applications. The report also recommends implementing automated controls aligned with organizational policies to manage the diverse range of SaaS applications in use.
The full report is available from the Spin.AI site.