Browser Threats Expand Across Enterprise Networks  | eSecurity Planet
Threats
SHARE
Facebook X Pinterest WhatsApp

Browser Threats Expand Across Enterprise Networks 

A NordLayer report warns that browser-based applications and stolen sessions are expanding enterprise cyber risk.

Written By
Ken Underhill
Ken Underhill
May 28, 2026
4 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

A NordLayer report warns that browsers have become the primary workplace interface, increasing exposure to credential theft, phishing, malware, and session hijacking attacks.  

The study found that 100% of the 504 analyzed workplace applications supported browser access, while 78.8% were entirely browser-based.

According to the report, browser-related incidents are now widespread across organizations. 

The report also found that 82% of surveyed IT professionals said their organizations experienced a security incident tied to browsers, websites, or web applications during the previous 12 months, while 53% described the impact as moderate or significant.

“More and more often, hackers are not breaking in — they are logging in,” the report stated, referring to the growing use of stolen credentials and hijacked browser sessions to access enterprise systems.

Key Takeaways from the Browser Threat Report

  • Browsers have become a primary enterprise attack surface as organizations increasingly rely on SaaS applications, remote work, and BYOD environments.
  • Infostealer malware and stolen session cookies are driving large-scale credential theft and session hijacking attacks across enterprise networks.
  • Many organizations remain overconfident in their security posture despite gaps in browser-focused protections such as SWG.
  • Stolen browser sessions can allow attackers to bypass passwords and MFA while appearing as legitimate users inside enterprise systems. 

Credential Theft and Session Hijacking Remain Major Risks

The report focused heavily on infostealer malware, which is designed to harvest saved passwords, session cookies, autofill data, and authentication tokens from browsers. 

Researchers noted that infostealers often complete data theft operations in less than 10 seconds before transmitting stolen information to attacker-controlled infrastructure.

NordLayer and NordStellar analyzed stolen credential data collected between January 2024 and February 2026 and found that tens to hundreds of millions of credentials were stolen every month through infostealer campaigns. 

In November 2025 alone, researchers observed approximately 345 million stolen credentials.

The report also identified large-scale theft of browser session cookies, which can allow attackers to inherit already-authenticated sessions without requiring password entry or additional multi-factor authentication (MFA) prompts. 

Researchers observed between 1 billion and 10 billion stolen session cookies monthly during the study period.

According to the report, stolen session cookies are particularly dangerous because attackers can access email, SaaS platforms, cloud consoles, and internal applications while appearing as legitimate users. 

Many organizations also lack tooling capable of detecting suspicious session activity or revoking compromised sessions in real time.

The report cited the 2024 Ticketmaster breach as an example of how browser-based credential theft can escalate into large-scale compromise scenarios after infostealer malware harvested credentials from an authorized user.

Advertisement

Confidence in Security Often Exceeds Control Deployment

Although many organizations expressed confidence in their cybersecurity posture, the report found significant gaps in browser-focused security control deployment. 

While 73% of surveyed IT professionals said their organizations were well or exceptionally prepared for cyberattacks, fewer than 53% reported deploying critical protections such as data loss prevention (DLP), secure web gateways (SWG), or endpoint detection and response (EDR) tools.

The report also found that organizations increasingly rely on browser-based SaaS applications, bring-your-own-device (BYOD) policies, and remote work arrangements, all of which expand the attack surface. 

Approximately 60% of organizations surveyed allowed BYOD usage, while 77% reported moderate or extensive web-based SaaS adoption.

Researchers noted that organizations experiencing the most severe browser-related incidents commonly shared several characteristics, including heavy SaaS dependence, remote work, reliance on personal devices, and extensive BYOD policies.

How Organizations Can Reduce Browser Security Risk

The report recommends strengthening browser-focused security controls as enterprise workflows continue shifting toward web-based applications and cloud services. 

Organizations should focus on limiting credential exposure, improving session protection, and increasing visibility into browser activity across managed and unmanaged devices.

  • Deploy phishing-resistant MFA, such as passkeys or hardware security keys, for email, cloud, finance, and administrative accounts.
  • Restrict unauthorized browser extensions, risky downloads, and access to known malicious websites through browser filtering or secure web gateways.
  • Use dedicated password managers while disabling browser-based password storage across enterprise systems and endpoints.
  • Strengthen endpoint protection, behavioral detection, and malware prevention capabilities across company and BYOD devices.
  • Monitor for suspicious session activity, unauthorized SaaS access, and anomalous authentication behavior across cloud environments.
  • Reduce local administrative privileges and maintain consistent patching across browsers, operating systems, and business applications.
  • Test incident response plans, session revocation, and credential recovery procedures to improve operational resilience.

Collectively, these measures can help organizations reduce browser-based attack exposure and strengthen resilience against credential theft, phishing, and session hijacking threats.

Advertisement

Browser Security Becomes a Core Enterprise Risk

The report highlights how enterprise security risks are increasingly tied to browser activity as organizations continue adopting SaaS platforms, cloud applications, remote work, and BYOD environments. 

Because employees now routinely access business-critical systems through browsers, compromised credentials or sessions can provide attackers with direct access to sensitive corporate environments.

Traditional network perimeters are becoming less effective in browser-centric environments, making identity security, session monitoring, and browser-level protections more important for defending against modern web-based threats.
Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

facebook
linkedin
x

Company

About us Contact us Advertise with us

Categories

Best Products Resources Networks Cloud Threats Trends Endpoint Applications Compliance

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information