Become a TechRadar Insider
Browsers have become the go-to choice for hybrid workers who relish the flexibility of using multiple devices to access everything from collaborative meetings to cloud-stored files, all via a browser.
The dominant use has also attracted a different persona, the cyber attacker. The sheer volume of browser-based work presents a target-rich opportunity, and enterprises are feeling the results.
Chief Product and Technology Officer at Parallels.
A newly released browser security survey of IT and cybersecurity professionals found 68% of organizations report an increase in browser-related security incidents over the past two years.
Organizations are recognizing this growing threat, with 62% of respondents elevating browser security to one of their top five security priorities.
They’re reflecting this concern (85%) in larger investments in browser security solutions like remote browser isolation, secure extensions, and enterprise browsers.
AI Adding to the Many Flavors of Browser Attacks
Defending against web or browser threats must be a multi-varied approach since today’s cyber-attackers are using an assortment of entrance points. The top five methods organizations are seeing are data loss or leakage, malicious browser extensions, vulnerable browser extensions and plugins, and malicious scripts.
AI has entered the arena, adding to IT and security teams’ concerns about protecting against this ever-increasing volume of new threats. Targeted phishing, social engineering, data leakage via unsanctioned AI applications or browsers, deepfake or AI generated malicious content are top culprits.
Another AI security threat is the overwhelming popularity of public GenAI platforms. How to manage secure use of these platforms by employees is another challenge IT faces. Omdia research found that secure browser solutions are becoming increasingly relied on to help secure or restrict access to GenAI applications.
Other popular methods are using a secure web gateway (SWG), a SaaS security solution or dedicated GenAI security tools. This challenge is often associated with “shadow AI,” or the uncontrolled use of public GenAI platforms by employees, which many CISOs view as a material security risk due to the potential data exposure, policy circumvention, and compliance concerns.
Thwarting Cyber Attackers with Browser Isolation
Among available browser security solutions, browser isolation is gaining favor as organizations look to decouple endpoints from browser-borne risk, which shows no signs of slowing down. Increased use of public GenAI applications, access from unmanaged or personal devices, and human error are all driving attack-surface growth and raising the likelihood that threats will enter through browser activity.
The era of remote/hybrid work has increased exposure risk across these multiple fronts as remote workers use personal and unsecured devices to conduct browser activity, adding to Shadow IT and Shadow AI risks.
Organizations, mindful of browsers’ dominance, are adding more budget to improve security. The browser isolation market is projected to grow from $2.53 billion in 2026 to $7.65 billion by 2031 at 24.74% CAGR over 2026-2031. As the Omdia survey notes, almost half of the organizations want their browser isolation choice to integrate well with other security solutions as a ‘better together’ strategy.
Browsers isolation will continue to gain in deployment as organizations look for a way to contain threats in an expanding attack surface. It answers this need by running web-based applications in isolated browser sessions, helping contain web-borne threats and creating logical separation with an “air gap” approach between the browsing session and the enterprise network reducing the attack surface and creating an ‘air gap’ between the browsing session and the enterprise network.
Hybrid workers can use their web browser of choice to securely access web applications including Software as a Service (SaaS) and other cloud applications. IT staff can manage policy controls via web-based console to ensure the activity meets security access guidelines.
Organizations looking for an economical alternative to VPN and to stabilize infrastructure subscription costs have the option of self-hosted browsers and can use a browser isolation solution tailored to on-premises or private cloud secure workflows. In these models, sandboxed browser containers are hosted on-premises or in a private cloud to secure access to SaaS, internal web applications, and privately hosted services without exposing the enterprise network.
IT staff can save time with centralized policy controls and by automating the compliance reporting process and logs to support meeting regulatory standards.
To Protect the Bottom Line, Humans Still Count
Secure browsing solutions are highly effective in reducing attack surfaces and lowering risk. To strengthen risk prevention, it’s still smart strategy to remember the individual’s role in security. AI targeted phishing, social engineering, and unsanctioned AI applications all thrive in part because human action remains a common entry point.
Communicating with a dispersed remote workforce is challenging but reinforcing the need to always be aware of threats, like phishing, will have concrete benefits when paired with robust browsing isolation and other secure solutions.
Omdia surveyed organizations on the effects of attacks caused by employee web browsing or access to corporate applications. After impacting IT and security teams, the negative results included having to purchase or replace security tools, downtime, compliance and litigation issues and loss of revenue.
The survey also recorded a negative impact to brand management and shareholder value, underscoring the broader organizational impact of human-enabled security incidents.
The Threat Future is AI’s Game
The data shows organizations want to use AI for positive benefits like threat detection and response. They are also keenly aware of the many ways in which cyber-attacks are using AI to launch a new generation of threats.
In practice, tactics, like phishing and social engineering and exploiting the vulnerabilities of unsecured applications do have practical and enforceable remedies. IT and security teams can impose controls on public AI platforms, on authorized websites and on unauthorized applications. They already have shown a willingness to increase investment in secure browser solutions including browser isolation.
The threat future may be AI, but the secure future will belong to organizations which counterattack with a full array of browser and application defense technologies.
We list the best small and medium business (SMB) firewall software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit