How Leaders Are Closing the Browser Security Gap
June 12, 2025 in Security by Tech Scout
You’ve got the stack. You’ve done the training. But threats are still getting through. The weak point? It’s not your EDR or your firewall. It’s your browser.
At our Stealth Security Experience in Chicago, Cliff Moore, CISO of Wilson Sporting Goods, said it plainly: “Where the awareness ends, the technology has to pick up.”
He’s right. Even world-class phishing programs still see 6 to 7 percent click-through rates. That’s not failure. That’s human nature. People click. And in global environments, that margin for error turns into hundreds of risky interactions a day.
What’s changed is the sophistication of the threat. Attackers aren’t sending sloppy scams. They’re registering lookalike domains with aged reputations. They’re launching copycat SharePoint pages that pass inspection. They’re targeting people, not networks, with links built to disappear after doing the damage.
A growing blind spot for modern security teams
These threats don’t always trip alarms, but they’re far from harmless. And traditional protections rarely cover where users actually operate—Slack, Teams, LinkedIn, or a hotel network across the globe.
Cliff’s team at Wilson knows the stakes. With operations across Europe and China, a roster of high-profile athlete partners, and proprietary product designs in motion, browser protection isn’t optional. It’s become part of the job.
How CISOs are filling the gap
They’re not overhauling the entire stack. They’re closing the gaps that legacy tools miss. And right now, that means protecting the browser itself.
At Wilson, that meant deploying Conceal. It’s a lightweight, browser-agnostic extension that evaluates every clicked link in real time. Clean ones open as usual. Suspicious ones are blocked or redirected into a secure sandbox. And if a user hits a fake login page? It stops them from typing anything in.
No added training. No change in behavior. Just protection where it’s needed most.
Mobile makes it harder
Even with tools like Zscaler in place, mobile browsing still creates exposure. Cliff pointed this out as a major driver behind their decision. With users constantly moving and executives bouncing between continents, mobile visibility needs to travel with them. They don’t need to open a VPN or file a ticket. It just works.
The takeaway for leaders
The browser wasn’t built for enterprise security. But it’s now a live endpoint in every organization. If your defenses end at the perimeter or rely entirely on user vigilance, the gap is already there.
CISOs who are ahead of the curve are already closing it. They’re not locking users down. They’re making every click safe.
Join us at a future event?
Our events are designed for high-level technology leaders who want real conversations, not canned demos. Whether we’re diving into security, cloud strategy, or what’s next in the enterprise stack, you’ll leave with insight worth acting on.
Clifton Moore is the CISO at Wilson Sporting Goods and a recognized expert in cybersecurity risk. He specializes in protecting organizations from data breaches, ransomware, and advanced cyber threats. With experience spanning both public and private sectors—including work with federal agencies, Cook County, and local municipalities—Cliff brings a clear, investigative approach to threat analysis and enterprise protection. His work focuses on helping organizations understand their risk and build practical defenses that last.
