Unintended Cybersecurity Consequences of Newer Technologies

Companies looking to reap the rewards associated with digitization are also opening up new avenues of attack for cybercriminals. Despite delivering competitive advantages, digital transformation has also introduced greater complexity to the IT environment. Businesses are using multiple Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments, as well as hundreds of SaaS applications at once. Four in ten respondents rated complexity as the most significant barrier to securing data effectively.[i]

Browser-based solutions are the key to incorporating digital technologies into business.  While the browser is not new, there are new versions of the standard components (HTML5, CSS 4, HTTP/3, TLS 1.3) and new technologies in the browser itself (web development frameworks, programming languages).   Google Chrome has 35M lines of code in 36 languages (C++, HTML, C, JavaScript, Python, Shell script, Assembly, Ruby, Go, TCL, Perl, PHP, XML, Objective-C, …). Combined, the browsers have over 9,000+ CVEs.[ii]   The browsers are marvels of engineering, and each new version comes with new technologies enabling development of new tools.  As history repeats itself, what are new tools to some are new weapons to others.  And new technologies often have unintended consequences.  The army of cybercriminals is alongside if not ahead of us in the use of the most advanced tools, technologies, and techniques.

Nearly 90% of successful endpoint compromises included ransomware, spear phishing, credential theft, and social engineering. Technologies such as the browser are widely used and play a crucial role in the early stages of many intrusions.[iii]   And the volume and sophistication of attacks increases.  As attackers take advantage of every new technology added to the browser, defending an enterprise against ransomware, phishing, and other cyber threats gets more and more difficult, and consumes more budget and staff resources.  How can we stop this madness, or at least slow it down?

Imagine your house is a web browser.  The front door of your “web house” is always left wide open.  You can invite someone from anywhere around the world into your house, just send a request out on port 80 or 443.  When someone responds to your invitation, most of the time they are who you expect, but like browsing the web, you really don’t know if they are good, bad, or unknown. One day you realize that having an open front door is not good enough security, and you install a home security system (new technology).  But because your house is architected like a browser, the front door remains open.  Like browsers, home security systems evolve creating new versions with new technologies.  It sounds crazy to have an open-door policy, letting everyone through the front door of your house and counting on the security system to detect the bad guys before their attack succeeds.  But that is precisely how the web browser and detection-based security systems work.  Each year we pay more for our home security system, and every year the front door remains open.

The sad reality is that despite the industry’s best efforts, web browsers are enormously vulnerable to compromise and will likely remain that way for the foreseeable future.  The good news is browser isolation provides a simple, effective way to move the attack surface of your local browser off your endpoint without unintended consequences. No change in end-user behavior.  No massive security team to manage more alerts.

Learn more about remote browser isolation as provided by the Isla Isolation Platform here

[i] https://www.techradar.com/nz/news/digital-transformation-opening-up-new-avenues-of-attack

[ii] Does Your Web Browser Need a Stunt Double?, Rajiv Raghunarayan presentation at SANSFIRE 2020.

[iii] https://www.techradar.com/nz/news/digital-transformation-open

John Klassen

Sr. Director - Product Marketing