You may have heard that browsers were not designed with security in mind. Originally created to make the internet more accessible for scientists, the "free" browser soon morphed into a tool that helped advertisers and marketers turn its users into the product.
The rest is (web) history. In the traditional browser ecosystem, consumers pay for their "free" browser with ad clicks and their online usage data. Inherently insecure browsers have become ubiquitous - even in the federal government and its organizations, where taxpayers expect security to be more than an afterthought.
The high price that "free" browsers exact from federal organizations, in terms of weakened IT security and data protection, was the topic of a recent conversation between John Gilroy, host of Federal News Network's podcast Federal Tech Talk, and Thom Kaye, Federal Program Manager at Authentic8.
One highlight of their insightful exchange on How the browser betrays your organization: Thom explains how location data disclosed by garden-variety browsers (yes, that "incognito" or "private browsing" mode is vastly overrated) is still one of the most common ways for threat actors to figure out whether someone visiting a website is a federal employee or contractor.
In case you didn't know: Thom spent over 20 years supporting the government and industry in intelligence analytics and specialized in geospatial technologies, so he’s the guy to ask about this subject matter.
"I think it’s safe to say a lot of the cyber incidents including phishing and catfishing attempts have a lot to do with geography, specifically in the Washington DC area," says Thom. "[Threat actors] know if they throw out a large net, they’re going to ultimately catch the fish that they want."
Some people recommend virtual private networks, but "VPN is not a panacea," warns Thom. "It leads you into a false sense of security. And all of the executable code which exists on that website you’re visiting still is delivered to your computer." (For more details on the topic, check out our whitepaper VPN for Secure and Private Web Access? Think Again.)
Listen to the full Federal Tech Talk conversation between John and Thom on Federal News Network here.