The average cost of a data breach is $7.35 million. According to a recent study by Google, third-party data breaches have exposed 3.3 billion credentials, and 7% of passwords that were part of those credentials were tied to other accounts. Unfortunately, attackers are only getting smarter, and cyber attacks are only increasing in frequency. This makes it all the more imperative that consumers and IT organizations examine their security posture, including browser security.
Reexamining browser security is a great step to take when any new cyber attack emerges. In October 2017 the KRACK attack surfaced, and we published a video discussion between our Chief Product Officer Greg Keller and Senior Success Engineer Scott Reed. In this video, they discussed five steps anybody could take to improve their WiFi security in response to KRACK. However, all five of these steps are great to take in light of any cyber attack. In the video, Greg Keller and Scott Reed recommend the following:
- Use patched, secure devices
- Avoid public wifi
- Browse securely (HTTPS)
- Leverage existing VPNs
- Implement RADIUS
This post will focus on browser security, but you are more than welcome to read all of the recommendations here or watch the discussion at the bottom of the post.
A Brief Overview of KRACK
First, what is KRACK? Vulnerabilities within the WPA2 protocol were discovered and exploited in order to undermine WiFi security. Known as the Key Reinstallation Attack (KRACK), this approach provides attackers with the opportunity to see information that is normally encrypted, like passwords and credit card numbers, when exchanged in a network. The KRACK attack affects both WiFi clients and access points, and has been a major cause for concern for IT admins and consumers. One simple, yet effective step anybody can take to address this concern is to reexamine their browser security.
Reexamining Browser Security in Response to Cyber Attacks
With the amount of work productivity that takes place in web-based applications, and consequently in the browser, browser security has become a critical component to security posture. There are a couple of steps you can take to improve and maintain browser security.
1. Use Enterprise Grade Software
When Greg and Scott discuss using patched, secure devices, they warned against using cheap hardware that’s more suitable for your home. This is because these lower end devices don’t always receive patches, and they don’t offer the most secure methods for network authentication. These aren’t the kind of devices you want protecting your company’s digital kingdom. The same goes for software and browsers. For example, using well-respected browsers like Chrome, Firefox, and Safari is crucial because they alert you when your connection is insecure. A less security-conscious browser may not do the same, and you could unknowingly open yourself up to attack. This is why using established, well-respected browsers can have such a significant impact on your browser security.
2. Stay Away from HTTP Sites
One of the simplest methods you can take to improve browser security is to stay away from sites and vendors that use HTTP. The hypertext transfer protocol (HTTP) allows different systems, like your web browser and a web server, to communicate (Entrepreneur.com). Any communication that takes place over HTTP is not encrypted, and for a long time the only web pages that did encrypt this communication were payment pages on online stores. This secure, encrypted form of communication was delineated with HTTPS, the “S” standing for secure.
A few years ago, Google announced HTTPS would be a ranking signal in their search ranking algorithms. This has greatly improved website security because now most websites use HTTPS on all of their pages, protecting any information that is exchanged between a web browser and a web server. So in today’s modern times, any credible vendor should be using HTTPS, and you should reconsider using any website that still implements HTTP.
Choosing to stay away from HTTP sites and using official browsers are two simple steps anybody can take in protecting their device and their company’s network. In light of the recent KRACK attack and the inevitable cyber attacks to come, it would be wise to reexamine your browser security posture before it becomes a problem.