Security News

96% of respondents indicated they were still 'confident or very confident' in their organization's SaaS security measures, and yet, 'managing the security of SaaS applications' is the top challenge for IT leaders. The effects of generative AI. IT leaders must now factor the effects of generative AI, such as ChatGPT, into their overall SaaS security approach.

A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. When asked to rate the SaaS cybersecurity maturity level of their organizations, 71% noted that their organizations' SaaS cybersecurity maturity has achieved either a mid-high level or the highest level.

The healthcare industry was hesitant to adopt SaaS applications. Learn how to secure your entire SaaS stack with an SSPM solution.

As security practices continue to evolve, one primary concern persists in the minds of security professionals-the risk of employees unintentionally or deliberately exposing vital information. While access controls, encryption, and monitoring systems are crucial for identifying and mitigating unauthorized access and suspicious activities, the increasing prevalence of cloud-based environments and the surge in SaaS application usage demand a fresh perspective on Insider Risk Management from a SaaS security standpoint.

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. Clearly, retailers must take concrete steps to secure their SaaS stack.

Productiv analyzed how nearly 100 million SaaS licenses were used over the last three years - including more than 100 billion app usage data points to produce an in-depth look at pivotal SaaS stats and insights on SaaS growth, spend, consolidation and usage. SaaS growth continues apace, even as companies improve SaaS spend management.

They raise legitimate questions about the usage and permissions of AI applications within their infrastructure: Who is using these applications, and for what purposes? Which AI applications have access to company data, and what level of access have they been granted? What is the information employees share with these applications? What are the compliance implications? Each AI tool presents a potential attack surface that must be accounted for: Most AI applications are SaaS based and require OAuth tokens to connect with major business applications such as Google or O365.

A February 2023 generative AI survey of 1,000 executives revealed that 49% of respondents use ChatGPT now, and 30% plan to tap into the ubiquitous generative AI tool soon. 1 - Threat Actors Can Exploit Generative AI to Dupe SaaS Authentication Protocols #. As ambitious employees devise ways for AI tools to help them accomplish more with less too, do cybercriminals.

These SaaS apps cover everything from CRMs to supply chains to marketing and HR. The data within is used to understand consumer habits, improve marketing campaigns, and manage employees. While it is unclear whether the recent breaches at fast food chains involved SaaS applications, what is clear is that threat actors are increasingly turning their attention to restaurant chains.

"The attack surface in the SaaS ecosystem is widening, and just as you would secure a cloud infrastructure with Cloud Security Posture Management, organizations should secure their SaaS data and prioritize SaaS security," asserts Maor Bin, CEO of Adaptive Shield. "In last year's survey, 17% of respondents said they were using SSPM. This year that figure has soared, with 80% currently using or planning to use an SSPM by the end of 2024. This dramatic growth is fueled by the fact that 55% of organizations stated they recently experienced a SaaS security incident, which resulted in ransomware, malware, data breaches, and more. Threat prevention and detection in SaaS is critical to a robust cybersecurity strategy spanning SaaS Misconfigurations, Identity and Access Governance, SaaS-to-SaaS Access, Device-to-SaaS Risk Management, and Identity Threat Detection & Response," Bin continued.