Cybersecurity is always about prioritisation and resource allocation. Few companies in the world can implement every security tool available and protect themselves from every threat. Security teams are tasked with making risk management choices, which typically follow a comprehensive cybersecurity risk assessment.
It’s no surprise, therefore, that many enterprises only look at their most important SaaS applications when formulating their security strategy. Critical applications, such as the company CRM, communications hub, and HR management tools, receive the attention of the security team.
Unfortunately, this approach underestimates the damage that can be inflicted when lesser-known applications are breached. Relying on periodic manual audits for those applications often puts sensitive data in harm’s way, leaving companies blind to potential attacks.
A company’s SaaS stack may contain hundreds of applications, each one exposed due to misconfigurations, poor user governance, unmonitored data sharing, vulnerable user devices, and connected third-party applications.
A Breach Out of Nowhere
Last month, a prospect shared a SaaS data breach story. He said he was completely blindsided by the attack, in which the company lost all the data stored in an application.
“The app wasn’t business critical,” he said while making quotation marks with his fingers, “but we lost a lot of critical information that will be difficult to get back.”
The organization had made a strategic decision to only automate monitoring of Google Workspace, Salesforce, and a dozen other core applications. The rest, they felt, could be secured manually. An investigation after the fact showed that the configurations in the breached application, which sat outside the stack monitored by security, had been changed over time and no longer required MFA to access the account. An admin was phished, and it didn’t take long for the threat actor to take control of the app.
The truth is, the security engineer sharing the story wasn’t blindsided by the attack; he and the rest of his organization were completely blind to the mounting threat taking place within this application.
For too long, companies have looked past the changing threat landscape surrounding SaaS apps. The time is now for them to prioritize SaaS security.
SaaS: An Enticing, Low-Hanging Fruit for Threat Actors
Around the world, threat actors are aggressively targeting SaaS applications. A survey conducted by Cloud Security Alliance and Adaptive Shield found that 58% of respondents had been a victim of a SaaS security incident within the past two years.
These incidents, which included data leakage, data breaches, and ransomware, take place everywhere within the SaaS stack. Threat actors have realized that even secondary apps contain critical data.
SaaS applications are particularly attractive to threat actors. With the right phishing expedition and the right application, breaching a SaaS application is much easier than hacking into an on-prem network, laterally moving through the network, and eventually finding sensitive data.
These apps are loaded with data. Strategic plans, employee records, customer records, and financial records are just part of the treasure trove being exploited by threat actors. Organizations rarely have the option to back up their SaaS data, and can find themselves in the unenviable position of paying ransoms to get their applications back. Cybercriminals know this and find SaaS apps to be a quick payday.
A Devastating Blow
Data breaches are expensive. Some lead directly to a loss of sales, while others simply erode trust among partners and customers, pushing them to take their business elsewhere.
Organizations in healthcare, financial services, and other industries may find themselves facing significant regulatory penalties and fines. Even companies in less-regulated industries face GDPR-related fines if personally identifiable information (PII) is exposed.
Putting financial losses aside, losing a SaaS app can mean losing unrecoverable data. If threat actors choose to encrypt or delete data stored in an app, entire projects can be disrupted. The data that powers sales and marketing campaigns often isn’t recoverable, and if it is, manually recreating lost data requires hundreds of employee hours.
Many of a company’s secrets are stored in SaaS applications. Strategic plans, software code, and financial data can all lead to disastrous competitive consequences if exposed. Avoiding this potentially devastating blow is an absolute must for today’s business.
Prioritizing SaaS Security
To date, organizations have not prioritized SaaS security. This attitude toward SaaS security stems from the belief that SaaS data is secure or that there is little reason to invest in securing every application. That approach has directly led to a situation where many organizations lack visibility into their SaaS stack.
That attitude is starting to change. In CSA and Adaptive Shield’s 2022 survey, only 17% reported using a SaaS Security Posture Management (SSPM) solution to secure their SaaS stack. One year later, adoption grew to 44%, with another 36% planning on adding SSPM to their security stack within the next 18 months. In addition, 71% of respondents reported that they increased their investment in security tools for their SaaS stack.
All this is positive news. SSPMs provide visibility into configurations, third-party applications, and users that security teams have lacked since adopting SaaS apps. Advanced SaaS security tools include threat detection capabilities and can assist security teams in preventing resources from leaking to the public. They provide a full range of security services needed to prevent SaaS incidents from happening in the first place.
There’s No Need to Go In Blind
Like everything in cybersecurity, taking measures to protect the SaaS stack requires a risk analysis. Organisations must balance the cost of securing the SaaS stack with the risk of their applications being breached and the damage an incident can cause.
Fortunately, as seen in the survey mentioned above, organizations are increasingly taking a proactive approach to secure their SaaS stack. They are opting for an improved posture with automated, 24/7 monitoring of their configurations and integrated third-party apps.
Additionally, they are introducing threat detection capabilities through SaaS-centric ITDR tools that are fully integrated into their SSPM. With this approach, they have full visibility into the degree of acceptable risk and protection against mounting threats.
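The drift described in the breach story above, where an application outside the monitored stack stopped requiring MFA, is the kind of change an automated configuration check catches. The following is an added example, not code from the article or from any SSPM product: the app names, setting keys and snapshot values are constructed, and it assumes each application's settings can be exported as a simple key/value snapshot.

```python
# Added example: constructed data; app names and setting keys are hypothetical.
# A rule returns True when the change from approved to observed weakens posture.
WEAKENING_RULES = {
    "mfa_required":   ("high",   lambda old, new: old is True and new is not True),
    "public_sharing": ("high",   lambda old, new: old is False and new is not False),
    "admin_count":    ("medium", lambda old, new: new > old),
}

BASELINE = {  # settings approved at the last review
    "crm":       {"mfa_required": True, "public_sharing": False, "admin_count": 2},
    "wiki-tool": {"mfa_required": True, "public_sharing": False, "admin_count": 3},
}
CURRENT = {  # settings as exported today
    "crm":        {"mfa_required": True,  "public_sharing": False, "admin_count": 2},
    "wiki-tool":  {"mfa_required": False, "public_sharing": False, "admin_count": 5},
    "survey-app": {"mfa_required": False, "public_sharing": True,  "admin_count": 1},
}

def find_drift(baseline, current):
    """Return findings for every app whose posture weakened or was never baselined."""
    findings = []
    for app in sorted(current):
        approved, observed = baseline.get(app), current[app]
        if approved is None:
            # An app nobody baselined is exactly the blind spot: report it, don't skip it.
            findings.append((app, "*", "high", "no approved baseline"))
            continue
        for key, (severity, weakened) in WEAKENING_RULES.items():
            if key not in approved:
                continue
            if key not in observed:
                findings.append((app, key, severity, "setting missing from export"))
            elif weakened(approved[key], observed[key]):
                detail = f"{approved[key]!r} -> {observed[key]!r}"
                findings.append((app, key, severity, detail))
    return findings

if __name__ == "__main__":
    for app, key, severity, detail in find_drift(BASELINE, CURRENT):
        print(f"[{severity}] {app}: {key}: {detail}")
```

Run on a schedule against every application in the stack, a check like this surfaces a dropped MFA requirement when it happens rather than in a post-incident investigation.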