How Secure Are Your Customers’ Web Browsers?
On the topic of cyber security, a lot has been written about hardening the network and beefing up security on applications like email, which is the top choice for most phishing attacks. However, one topic that doesn’t get as much press as it deserves is browser-based security.
Secunia Research’s 2016 Vulnerability Review found that among the five most popular web browsers (Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Safari), 1,114 vulnerabilities were discovered in 2015, and the majority were rated highly critical.
From browser extensions to browser-based applications, cybercriminals are exploiting these vulnerabilities to break through companies’ security defenses. The more widespread a browser program is and the higher the unpatched share, the more lucrative it is for a malicious hacker to target the program, as it will allow them to compromise more victims. In fact, web-borne malware is likely to have infiltrated more than 75 percent of enterprises through inherently insecure browsers, according to a survey conducted by the Ponemon Institute.
Here are some of the leading browser vulnerabilities along with best practices for protecting your customers from these threats.
Customers Are Using More Than One Browser
Most MSPs understand the importance of keeping their customers’ Microsoft Office and other business apps and firmware patched on a regular basis. Within the Microsoft Office suite is Internet Explorer, a web browser capturing 99 percent market share, according to the Secunia Research report. While Internet Explorer may be installed on nearly every computer, the vast majority of users are leveraging additional browsers such as Mozilla Firefox and/or Google Chrome, which hold 64 percent and 66 percent market share, respectively. Not only do these browsers have a higher number of vulnerabilities (Google Chrome had roughly 300 more vulnerabilities than Internet Explorer, for example), they can also fall off an MSP’s radar much more easily, especially if users are given carte blanche permission to install whatever apps they wish on their computers.
The Biggest Threats: Outdated Browsers, Extensions, and Plug-Ins
While many MSPs may block specific websites that pose high risks for web-borne threats, such as sites containing adult content, gambling, or peer-to-peer file sharing, there are additional avenues cybercriminals use to exploit web browsers. One of the biggest targets is outdated plug-ins. A case in point is one of the most popular plug-ins, Adobe Flash. In Verizon’s 2016 Data Breach Investigations Report, for example, it was discovered that the majority of Adobe Flash-related browser exploit cases were due to users failing to update their plug-ins in a timely fashion. In fact, more than half of users had Flash versions that were more than one year out of date. Needless to say, enabling automatic updates can go a long way in protecting your customers.
Beware of Changing Risk Profiles Within Web Apps
Not all web applications sharing the same platform have the same risk profile and business value. For example, while viewing Gmail, a user can launch a Google Talk session within the same user interface. The former presents a lower risk than the latter. Similarly, viewing an email via a web browser carries a different risk profile than sending or opening an email attachment via a web browser. Traditional firewalls and web security tools miss these important distinctions, which is why MSPs should use next-generation firewalls. These solutions can recognize application changes occurring within the session by continuously evaluating the traffic and applying the appropriate policy controls.
Don’t Forget About Browsers’ Forensics Role
While preventing breaches is the ultimate goal of every security strategy, the growing reality is that nothing is 100-percent foolproof. If and when a threat breaches the perimeter, however, it’s helpful to understand how it occurred so measures can be taken to prevent further occurrences. Browsers play a key role in this forensics effort, tracking users’ history in cache. Verizon’s 2016 Data Breach Digest report highlights a ransomware breach involving three affected computers. The Verizon security team was able to identify the point of origin of the attacks by looking through network logs, but their efforts were stopped short due to the client’s browser settings. “Unfortunately, the settings for the default internet browser were set to clear its history, cookies, and cache upon exit, so browser analysis failed to bear any fruit,” the author noted. This is why it is important to ensure that users’ caches are retained.
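One way to catch the setting described above before an incident, shown as an added example that is not from the article or from Verizon: a small audit of a Firefox profile's prefs.js for the preferences that clear history, cookies, and cache on exit. The sample profile content is constructed, and treating an unset per-item preference as "cleared" is a conservative assumption made here.

```python
import json
import re

# Firefox preferences that control clearing data when the browser closes.
MASTER_PREF = "privacy.sanitize.sanitizeOnShutdown"
ARTIFACT_PREFS = {
    "history": "privacy.clearOnShutdown.history",
    "cookies": "privacy.clearOnShutdown.cookies",
    "cache": "privacy.clearOnShutdown.cache",
}

# Matches lines such as: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

# Constructed sample inputs (not taken from a real profile).
SAMPLE_WIPING = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://intranet.example");
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.cookies", false);
'''
SAMPLE_RETAINING = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://intranet.example");
'''


def parse_prefs(text):
    """Parse prefs.js content into a dict of preference name -> value."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comment, blank line, or something we do not parse
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # true/false, numbers, quoted strings
        except ValueError:
            prefs[name] = raw  # keep the raw text if it is not JSON-like
    return prefs


def artifacts_lost_on_exit(prefs):
    """Return the artifact types this profile wipes at shutdown, sorted."""
    if prefs.get(MASTER_PREF) is not True:
        return []  # clearing on exit is not enabled at all
    # Assumption: an unset per-item pref is reported as cleared (conservative).
    return sorted(k for k, p in ARTIFACT_PREFS.items() if prefs.get(p, True) is True)


if __name__ == "__main__":
    for label, text in (("wiping", SAMPLE_WIPING), ("retaining", SAMPLE_RETAINING)):
        print(label, artifacts_lost_on_exit(parse_prefs(text)))
```

A non-empty result for a managed endpoint means browser history analysis would come up empty after an incident on that machine.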
Knowing the mission-critical role web browsers play in your customers’ businesses, it’s crucial that these applications be secured and monitored as closely as your customers’ IT networks and other business applications. Using advanced security tools, such as next-gen firewalls, and applying security best practices that include controls over which browsers can be installed and how the browsers should be configured, can go a long way in keeping your customers out of harm’s way.