The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) latest guidance for businesses deems a secure web browser “essential” to protecting critical network assets.
CISA’s Cyber Essentials is a guide for business and government leaders to “develop an actionable understanding of where to start implementing organizational cybersecurity practices.” The Cyber Essentials are a baseline for reducing risk and developing a Culture of Cyber Readiness.
To support its efforts, CISA has introduced Cyber Essentials Toolkits, “a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential.”
“Your Systems, What Makes You Operational”
The most recent toolkit identifies the essential tasks for protecting critical network assets and applications. Executives must know what devices are connected to the network, what applications are in use, and who has access to these applications, and must implement security measures accordingly.
Among these essential tasks, organizations should leverage “web browser security settings” to protect against unsecured web pages and malicious websites. Suggested mitigations include content filtering to prevent malicious code from reaching desktops and firewalls to “deny traffic to potentially harmful sites while allowing access to acceptable applications.”
While these mitigation efforts are crucial, they’re also far from perfect and tend to instill a false sense of security, as recently documented by Authentic8’s Head of Strategic Initiatives Matt Ashburn in his paper The Billion-Dollar Security Blanket. “The biggest risk of all” (Ashburn) remains overlooked: the browser.
Browsers are the most common entry point for attackers but are often missed when organizations assess security vulnerabilities. In its recently issued Community Defense Model, the Center for Internet Security identified web-application hacking as the most common reason for a breach, with 60% of data loss coming from this attack vector.
Isolate your browser, keep your organization safe
With Authentic8’s Silo for Safe Access, organizations can mitigate the browser security risks identified in the Cyber Essentials Toolkit through web isolation, providing a logical barrier of protection where content filtering and firewalls can fall short. According to the National Security Agency, browser isolation “decreases the impact of exploits by limiting malicious code to an ephemeral environment.”
Silo for Safe Access is a remote browser that embeds security, identity, and data policies. Silo is available from anywhere and on any device, so policies follow users regardless of the environment, which is critical during this period of increased telework.
By shifting exposure away from your network and devices, you reduce risk and free up resources needed to move your organization toward the “Culture of Cyber Readiness” that CISA envisions.