Report Surfaces Extent of SaaS Application Insecurity

An analysis of how 493 organizations are employing software-as-a-service applications published today by Wing Security finds nearly all experienced a security incident involving at least one application.
A full 81% reported security incidents involving an application that was only being used by a single user.
In total, 41% of the applications analyzed were only being accessed by a single user, with 63% of those applications not being accessed for at least three months, the report noted.
The report found 20% of organizations were providing access to SaaS applications and the data within to individuals they no longer employed.
A full 85% of organizations are providing access to SaaS applications to users outside of their organization.
Wing Security COO Ran Senderovitz said the report makes it clear there is a pressing need to consolidate SaaS applications at a time when organizations are now effectively tracking how any sensitive data stored in these platforms is accessed and managed.
It's not uncommon for SaaS application credentials to be stolen, with cybercriminals then taking advantage of privilege escalation to access an organization's most sensitive data, he noted.
Organizations need to make sure least-privilege policies are enforced, in addition to consistently applying multifactor authentication, added Senderovitz.
Overall, the report finds the average employee has access to 29 different SaaS applications.
That issue is only going to be further exacerbated as employees access SaaS applications infused with artificial intelligence, noted Senderovitz.
The report finds nearly all organizations are accessing SaaS applications that have AI capabilities, while 83% are accessing AI applications such as ChatGPT. A full 70% are accessing AI platforms that can use the data shared with them to train future iterations of AI models.
The core issue is that most users of these applications assume there is a level of security that is often either non-existent or limited at best, said Senderovitz.
The report finds 25% of users of SaaS applications publicly share files with anyone with a link, with more than two-thirds of those links providing write permissions.
A full 50% of organizations shared more than 1,500 files with anyone with a link.
Not surprisingly, the report finds nearly three quarters of organizations shared sensitive content externally.
Wing Security is making a case for a SaaS security posture management platform that can block sensitive data from being shared with more than 300,000 SaaS applications.
Most recently, the company added support for a range of generative AI applications.
There is little doubt that attacks against SaaS applications will only increase in volume and sophistication, especially as deep fakes created using AI tools are incorporated into phishing campaigns.
The issue that organizations need to come to terms with is that many of these SaaS applications, especially in the COVID-19 era, were provisioned by business users who often have little appreciation for the nuances of cybersecurity.
Each SaaS application employed only serves to increase an attack surface that most cybersecurity teams are already too overwhelmed to defend.


This Cyber News was published on securityboulevard.com. Publication date: Tue, 06 Feb 2024 18:43:04 +0000

