NSS Labs Announces Results of 2018 Web Browser Security Test (HITS)

NSS Labs announced the release of its 2018 Web Browser Security Comparative Reports. These reports examine the abilities of three leading web browsers to protect users from socially engineered malware and phishing attacks.

Phishing attacks and socially engineered malware (SEM) are among the most prominent and impactful security threats facing users today. These attacks pose significant risk to individuals and organizations alike by threatening to compromise or acquire sensitive personal and corporate information. Phishing attacks are becoming increasingly complex and sophisticated, which makes them harder to visually detect prevent and more difficult to generally prevent.

For several years, the use of social engineering has accounted for the bulk of cyberattacks against consumers and enterprises. SEM attacks use a dynamic combination of social media, hijacked email accounts, and false notification of email accounts to take advantage of the implicit trust between contacts and to deceive victims into believing that links to malicious files are trustworthy.

The NSS Labs 2018 Web Browser Security Test assessed the average block rate, consistency of protection, amount of time required to add protection for new threats, and zero-day protection capabilities of leading browsers. The findings from the 2018 Web Browser Comparative Reports provide valuable insights to help both enterprises and end users establish a strong layer of defense and minimize risk through a secure browser experience.

Key Findings:

— Phishing block rates ranged from 94.3% to 96.7%. — Zero-hour phishing protection ranged from 77.3% to 89.5%. — The average overall block rate for SEM was 99.7% when security capabilities built into the operating system (OS) were taken into account. — Built-in OS security contributed between 9.6% and 19.5% to the SEM security efficacy score for two of the three browsers tested.

Key Takeaways:

— Immediate protection against new phishing URLs is critical. As phishing sites are discovered, they are taken down, often within a relatively short amount of time. Products that fail to add protection in a timely manner will expose users to greater risk. — To minimize risk, NSS Labs recommends that users select browsers with the following capabilities: o Higher phishing block rates, consistency of protection, and early protection against new threats o The right combination of OS and browser — Education is a key component of protection against SEM and phishing attacks. Users who are able to identify socially engineered attacks rely less on technology for protection against such attacks. NSS Labs recommends supplementing browser protection with user education to protect against attacks that bypass browser protections.