How to protect against 10 common browser threats (free PDF)
Modern browsers store information for your convenience, but that makes them ripe targets for the theft of confidential data. Luckily, you can take certain steps to protect yourself. This ebook looks at some of the most prevalent threats and offers suggestions for hardening your own browser security and for protecting your company as a whole.
From the ebook:
Regardless of your choice of web browser, engineered and unintentional threats can put you at risk when using it. In the previous article, we looked at five of the most prevalent security threats. Unfortunately, there are well more than five threats that can target the web browser, so it remains critical for organizations to implement effective protection from these hard-to-detect attacks.
I spoke to Dr. Christopher Kruegel, the co-founder and chief product officer of malware protection provider Lastline, to discuss the concept of browser security.
“Of all the software in use, browsers are the most exposed,” he said. “They are constantly connecting to the outside world and frequently interacting with websites and applications that cybercriminals have infected with malware. Browsers are powerful data-rich tools that if compromised, can provide an attacker with a vast amount of data about you, including confidential information such as your address, phone number, credit card data, emails, IDs, passwords, browsing history, and bookmarks.”
With that in mind, here are some common browser-based threats Kruegel and I discussed and ideas for how to defend against them.
Plugins and extensions
Browsers often have third-party plugins or extensions installed for various tasks, such as JavaScript or Flash for displaying or working with content. These two are from known quality vendors, but there are other plugins and extensions out there from less reputable sources—and they may not even offer business-related functionality.
Regardless of the origin, plugins and extensions often come with security flaws that attackers can leverage to gain access to your systems or data. These vulnerabilities allow attackers to wreak havoc by installing ransomware, exfiltrating data, and stealing intellectual property.