With software becoming more secure and adept at defending against malware, the cyberattack threat environment has shifted towards phishing. But unlike in the past, where these attacks were predominantly email-driven, they now come from multiple sources such as mobile devices, apps, and Web pages. Since phishing is a human problem that exploits emotions and deals with the psychology of fear and uncertainty, conventional computing methods are not sufficient to defend against them.
One of the biggest problems? The browser.
Threat actors now rely on phishing as the start of the attack chain for ransomware. In fact, it has become one of the most dangerous threats facing organizations and end-users today. Using phishing, bad actors have a great way to control an endpoint using a browser as the delivery method.
Because the browser is seen as a weakness in a business, companies are panicking and locking down employees’ browsers because there are no effective tools available to safeguard against these attacks. By locking down the browser, organizations can limit how their people engage with the outside world. One way is by controlling their browser behavior; namely, they can view content but cannot fill out forms, share or download content.
It is a dangerous path because we are fast shifting to a world where digital engagement is centered on browser usage. In fact, the browser is fast being recognized as the “new operating system”. Isolating people from how the internet was meant to be used as an interactive platform – not only reduces productivity but also leads to the potential for resentment.
For example, employees feel that their employers do not trust them and will use other devices to do the things they wanted to in any case. It becomes a whole other debate around shadow IT and mobile device management that IT teams don’t have the capacity to handle.
Browser isolation also requires a significant amount of security hours from IT teams. These teams need to constantly white list domains to ensure end users can remain productive while still locking down what they “think” is a threat. Additionally, whitelisted domains can be compromised. Legitimate cloud services like Google, Dropbox, or SharePoint are increasingly the location of choice for bad actors and hosting phishing attacks on these services is rapidly increasing because people assume if a domain is legitimate, the site can be trusted.
Security Done Differently
How users engage and interact with their devices and browsers on these devices is really where artificial intelligence (AI) and machine learning (ML) become indispensable tools.
Advanced security tools that leverage AI and ML algorithms can complement human intellect with automated analyses, reducing the time and effort required by a cybersecurity professional to perform the same analysis and at a significantly larger scale.
This literal neural network of gathered security intelligence helps address the current skills shortage in the cybersecurity market. And it does it by taking what one human can do in one hour and multiplying it by thousands. But, more importantly, it injects solutions with the ability to detect known and unknown instances of phishing proactively into an environment.
For example, a cybersecurity tool starts to understand what makes an application, extension, Web page, and spoofed page malicious by applying deep ML. So, instead of blocking employees from using their browsers, applying AI and ML means they can go about their day-to-day routine. At the same time, the technology automatically introduces a more sophisticated layer of protection all in the background. The beauty? All of this is ticking on in the environment without placing unnecessary strain on security teams.
Realistically, organizations have no choice but to embrace AI and ML if they want to remain safe. According to Osterman, cybercriminals themselves use AI and ML to generate new malware variants, ransomware families, and phishing campaigns. With millions of these new ‘mutated’ threats being released daily, the only defense is using ML-powered protection. We always say it is better to fight machines with machines, and this is the perfect example of exactly how relying on the intelligence drawn from these systems will help thwart security threats.
Of course, it is one thing to have a cloud-based environment that can leverage this technology. Companies have been investing millions in securing their multi-cloud environments, but what about the devices themselves?
What about browsers themselves?
Intelligent defense requires on-device ML technology that extends to the browser to mitigate the risk of compromise.
Such an on-device AI phishing defense solution with natural language and link-based detection can protect users from mobile-based smishing, browser-based spear phishing, and business email compromise. Combining the best cloud and on-device defenses results in a pre-emptive environment that sees companies automatically get advanced visibility, detection, and protection from emerging threats.
It comes down to delivering cloud-scale resources to real-time, multi-vector, multi-payload phishing threat detection. As such, organizations are protected from more evasive tactics and previously unknown, zero-hour threats missed by URL inspection and domain reputation analysis methods.
Ultimately, using AI and ML-driven defenses means companies do not have to isolate their users from the internet. This will save them reputational damage and help to avoid potentially sticky HR situations where people may decide not to work for a business they view as draconian and archaic.
The browser has become the new operating system. It is where today’s employees and consumers live, work, and engage with the outside world. The only way to truly improve user security is by embracing ML protection.