This week, there was news that some sensitive information (including details of President Obama’s schedule) was stolen by Russian hackers. Whether you work in the White House or are a plumber from Ohio, the browser has become the most important application on your computer. But it’s also the most vulnerable. A single click on the wrong URL can spiral into an embarrassing and costly data breach.
The insider threat comes more from ignorance than malice
Early analysis has determined that the breach of a State Department computer started with a phishing link in an email opened by an unsuspecting staffer. Gone are the days of poorly-formatted phishing emails with poor grammar and obvious lies. Phishing attacks have become especially dangerous for several reasons.
- Users are almost always the weakest link in any defense. It’s not that they are stupid or easily fooled - even savvy IT professionals can be fooled 94% of the time, according to a survey conducted by Intel Security. Phishing attacks can be extremely convincing with tactics like Zeus trojans and DNS spoofing.
- Credentials for mundane web apps can often be used against high-value targets. Reuse of passwords is a common mistake (over 20% of adults reuse passwords on at least 5 different web apps), and a user’s personal Gmail password could easily be their network or CRM password. And some web apps are more strategic than others - access to an email app can enable password resets for almost any other web app.
- Victims are often targeted with spearphishing or watering-hole attacks. Your typical user has little chance against a motivated, sophisticated, patient, and informed attacker. The Sony hack showed plenty of evidence of inside knowledge that was either stolen over a long period of time or obtained from a disgruntled employee. A 2015 Ovum study showed 93% of organizations felt that their employees pose the biggest threat to their overall security. But for the most part, the problem is ignorance or negligence, not malice: employees who click on malicious links or lose a mobile device, for example.
The solution is to insulate web data with a cloud-based browser
A cloud-based browser addresses these issues. With the browser delivered as a service, users benefit from automatic patches and state-of-the-art defenses (e.g. DNS and certificate management), and admins gain centralized visibility and reporting over all online activity. A browser in the cloud benefits organizations in three key areas - improved security, identity management, and policy controls.
- Improved Security: Users access a cloud-based browser via a remote display protocol, so no web code is executed locally. By insulating web code in a remote session, all malware is rendered useless. The insulation is bi-directional: a browser in the cloud also protects web data from local threats and user missteps.
- Identity Management: By managing credentials in the cloud, users are prevented from entering their own passwords on fraudulent web pages. Taking credentials out of the hands of users improves security because users can’t be phished if they don’t know their own passwords.
- Policy Controls: With the browser session secured in the cloud and the credentials controlled by admins, admins can now enforce policies in every session, regardless of the location of the user or the device being used. Policies that prevent downloads or access to prohibited domains are enforced at the most strategic point possible - the browser.
Bring the browser back under control
Trying to address the risks of web apps by uninstalling the browser is not a practical option; users need a browser to conduct research and access critical data. It’s time to bring the browser back under control with features that protect users and sensitive data.