ESG research indicates that enterprises will remain at risk until CISOs start considering new types of browser security

If you knew a robber was going to stop by your house tonight, would you leave your front door unlocked? The same principle should apply to the cybersecurity practices of businesses and organizations. You know that there are attackers lurking in the places your employees are going on the web, so why leave those endpoints open to attack?

Given our mission to protect Internet users from the malware-filled web, we recently commissioned a study with Enterprise Strategy Group (ESG) to find out more about how enterprises are dealing with a workforce that depends heavily on the use of web browsers. It turns out that enterprises are well aware of the growing risks they are facing, and yet they are not locking all of their doors at night.

The study and infographic developed by ESG revealed that 90 percent of organizations consider web browsers to be critical to day-to-day business operations and employee productivity. This makes sense; network perimeters are slowly dissolving and giving way to a mobile employee who works from their home or a coffee shop. But ESG also found that 59 percent of organizations think that cyber-attacks are more sophisticated than they were two years ago, and 45 percent claim that cyber-attacks are more frequent than two years ago. Despite these perspectives, 29 percent of organizations surveyed have experienced a security breach within the past 24 months related to an attack that was introduced to the network through an endpoint browser.


If we know the browser is an incredibly vulnerable access point where most of today’s undetected attacks originate, why aren’t we protecting it?


To stick with our robber analogy, using only conventional endpoint security feels like we are locking the front door, but leaving the second floor windows open and hoping the criminals don’t bring a ladder.

Of course there are certainly challenges facing browser-specific security. ESG research indicates that breaches as a result of poor browser security occur as a result of having multiple browsers with different versions on each endpoint. In addition, 23 percent of organizations report that browsers are not monitored for vulnerabilities or configuration problems as often as they should be. The reality is that many organizations simply can’t keep up with the maintenance tasks and security hygiene necessary to protect standard web browsers from attack.

ESG notes, “Browser security won’t get easier anytime soon, leaving organizations open to increased risk of a system compromise or data breach.” Until CISOs start considering new types of browser security models that virtualize web browsers using isolation technology, endpoints, and therefore, enterprises will remain at risk. Isolated and virtualized browsers like Passages can help reduce the time and effort spent keeping up with patches, and can execute all web traffic within a dedicated environment and help protect organizations from all types of browser-based exploits and malware.

View the full ESG infographic, The Case for Secure Virtual Browsers.