Employee browser activity creates a security blindspot


Thanks to growth in remote working and the use of SaaS applications, enterprise reliance on browsers is growing, but this leaves enterprises open to risks stemming from dangerous employee web behavior.
According to a cybersecurity expert at network security platform NordLayer, some employee activity that may go undetected by security teams can result in leaks of confidential data and industry secrets or in violations of GDPR.
"Companies are embracing web-based software as a service (SaaS) applications for various benefits, such as cost reduction and increased efficiency. However, due to increasing dependency, the browser is becoming a significant cybersecurity concern," says Andrius Buinovskis of NordLayer. "Aside from attracting the attention of cybercriminals, it's also become a hub for insider threats or employee error, which can result in devastating security breaches. The most concerning element is the lack of observability security teams might have into employee activity in the browser, creating an alarming blind spot."
One of the main dangers from browser use is data exfiltration, where ill-intentioned employees can take advantage of the browser's limited observability to steal confidential company information. There's also a risk that unauthorized browser extensions will be installed, some of which are malicious and prey on unsuspecting users to collect sensitive data, modify browser behavior, and create security vulnerabilities.
Shadow IT is an issue too: not all web-based SaaS applications are safe to use -- some might have significant security vulnerabilities, resulting in data leaks or compliance violations. Without proper monitoring, these applications can go undetected, expanding the scope of unmanaged apps.
The traditional browser's lack of observability and behavioral analytics makes it easier for malicious employees to fly under the radar and access sensitive data or converse with third parties.
"Traditional browsers are not built with security and observability in mind -- their primary target is to provide a user-friendly interface. These capabilities are more or less sufficient for personal use but are inadequate to safeguard a business," adds Buinovskis. "Even if a company has an extensive cybersecurity strategy and a large team of security experts at their disposal, the lack of built-in security and monitoring features in a traditional browser still leaves them vulnerable and more likely to experience a safety incident."
You can read more about browser security on the NordLayer site.
Image credit: jpkirakun/depositphotos.com