Again and again, I meet companies asking why they should protect their browsers and why attackers should target their company.
If we look at some of the recent attacks, they have hit widely and without a specific target, Maersk being an example. Over the last months, we have seen new attack vectors and malicious attacks originating in the browser, and 57% of all companies today consider their users the weakest link in their security perimeter. While you can implement firewalls, virus scanning and DDoS protection, only 20% of companies protect users in the browser, a scary fact.
With the implementation of EU GDPR in May 2018, we will soon see new legislation requiring protection of users across the different platforms, including the browser.
So when is it enough? I always recommend that the company make a risk profile to evaluate the cost of an attack. While obvious costs such as direct theft, number of man-hours spent, etc. are easy numbers, it may be far more difficult to identify the cost of an IT breakdown. Companies should consider risks such as how long they can maintain production without IT and what the risk is of lost customer loyalty, a bad image and a shit-storm. Companies should also consider that a customer who diverts to a competitor during an IT breakdown may be a customer lost forever, so the hidden costs of cybercrime may be far higher than the obvious ones and as such have to be considered when you calculate your ROI for security software.
Can you afford the consequences or is it time for new security measures?