Security News
These SaaS apps cover everything from CRMs to supply chains to marketing and HR. The data within is used to understand consumer habits, improve marketing campaigns, and manage employees. While it is unclear whether the recent breaches at fast food chains involved SaaS applications, what is clear is that threat actors are increasingly turning their attention to restaurant chains.
"The attack surface in the SaaS ecosystem is widening, and just as you would secure a cloud infrastructure with Cloud Security Posture Management, organizations should secure their SaaS data and prioritize SaaS security," asserts Maor Bin, CEO of Adaptive Shield. "In last year's survey, 17% of respondents said they were using SSPM. This year that figure has soared, with 80% currently using or planning to use an SSPM by the end of 2024. This dramatic growth is fueled by the fact that 55% of organizations stated they recently experienced a SaaS security incident, which resulted in ransomware, malware, data breaches, and more. Threat prevention and detection in SaaS is critical to a robust cybersecurity strategy spanning SaaS Misconfigurations, Identity and Access Governance, SaaS-to-SaaS Access, Device-to-SaaS Risk Management, and Identity Threat Detection & Response," Bin continued.
Over 55% of security executives report that they have experienced a SaaS security incident in the past two years - ranging from data leaks and data breaches to SaaS ransomware and malicious apps. The SaaS Security Survey Report: Plans and Priorities for 2024, developed by CSA in conjunction with Adaptive Shield, dives into these SaaS security incidents and more.
Tech companies must take SaaS security seriously to prevent resources from leaking or being stolen. A strong SaaS posture is important for any company, but it is particularly important for organizations that store their proprietary code in SaaS applications.
These changes, coupled with the need for stronger collaboration with third-party vendors, have led them to SaaS applications to handle their CRM. Today, telecoms are using SaaS apps for billing, HR, call management, field operations management, tracking call center effectiveness, and hundreds of other applications. The advertisers are given access to the telecom's SaaS apps, where they can mine for data and develop powerful marketing and advertising campaigns.
The browser is also exposed to multiple types of cyber threats and operational risks. LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and geolocations.
Critical gaps in existing solutions' capabilities, security architecture that doesn't recognize the browser as a prominent, standalone attack surface, and low resilience to web-borne threats are among the findings of a global survey by LayerX. 150 CISOs across multiple geographies and verticals were polled about their security practices across various disciplines that ultimately come down to securing users, data, and applications within the browser: secure SaaS access, SaaS security and data protection, BYOD, phishing protection, and browser security posture. Respondents' answers were classified according to their architecture: all-SaaS, hybrid, and mostly on-prem, showing how the relative importance of the browser increases concerning the level of the organization's SaaS adoption.
According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. The exponential growth in SaaS usage has security and IT teams struggling to keep up with which SaaS applications are being used and how.
According to Statista, the average organization employs 100+ SaaS apps, many of which are unsanctioned by IT, creating a glaring gap in SaaS security. Rather than approaching Security or IT to understand policies for onboarding new SaaS solutions - and facing the likelihood of red tape, delays, or denial for their requests - they break out the credit card or opt for a 30-day free trial of the SaaS apps.
There are essentially two ways to share files and documents out of a SaaS application, although the terminology used by M365, Salesforce, Google Workspace, and Box is slightly different. Sharing a file with anyone who has the link is much less cumbersome.