Your employees use apps that you don't know about. Are you sure they are safe?
Information security company Wing Security analyzed the use of SaaS applications in 493 companies and identified the main threats and ways to prevent them, offering recommendations for the safe use of SaaS.
The 2023 cyberattacks related to SaaS applications were taken as a basis. The most famous of them are the attacks on JumpCloud, MGM Resorts and 3CX, which were carried out by government hackers to compromise supply chains. In addition to these, there have been other cyber attacks, but many of them are often not announced.
The study highlights that SaaS (Software-as-a-Service) is a new supply chain that requires organizations to take certain security measures. Such applications are undoubtedly an integral part of the modern organization's suite of tools and vendors. According to MITRE ATT&CK's "Trusted Relationships" (T1199) technique, a supply chain attack occurs when an attacker targets a supplier to use it as a means to infiltrate a wider network of companies.
Four major SaaS threats:
1. Shadow SaaS: Most applications used in organizations go unnoticed. Among the companies analyzed, 41% of applications were used by only one person, resulting in a long list of unauthorized applications.
2. Bypassing multi-factor authentication( MFA): the study shows a tendency to use a username and password to access the necessary services, bypassing existing security measures.
Statistics of in services
3. Forgotten Tokens: Users provide applications with tokens that are then often forgotten, creating a large attack surface.
4. Shadow AI: The beginning of 2023 was focused on AI tools, but then thousands of conventional SaaS applications integrated AI models. Almost all companies used artificial intelligence applications, which required consent to the updated terms of use of data.
Solving SaaS Security Issues in 2024:
The report ends on a positive note, listing ways to reduce the threat of SaaS supply chain compromise. Among them – continuous detection and management of shadow IT networks, elimination of incorrect SaaS settings in the first place, optimization of anomaly detection and monitoring of applications using AI.
For a complete list of findings, tips for safe use of SaaS, and a 2024 SaaS security forecast, please read the full report.
Information security company Wing Security analyzed the use of SaaS applications in 493 companies and identified the main threats and ways to prevent them, offering recommendations for the safe use of SaaS.
The 2023 cyberattacks related to SaaS applications were taken as a basis. The most famous of them are the attacks on JumpCloud, MGM Resorts and 3CX, which were carried out by government hackers to compromise supply chains. In addition to these, there have been other cyber attacks, but many of them are often not announced.
The study highlights that SaaS (Software-as-a-Service) is a new supply chain that requires organizations to take certain security measures. Such applications are undoubtedly an integral part of the modern organization's suite of tools and vendors. According to MITRE ATT&CK's "Trusted Relationships" (T1199) technique, a supply chain attack occurs when an attacker targets a supplier to use it as a means to infiltrate a wider network of companies.
Four major SaaS threats:
1. Shadow SaaS: Most applications used in organizations go unnoticed. Among the companies analyzed, 41% of applications were used by only one person, resulting in a long list of unauthorized applications.
2. Bypassing multi-factor authentication( MFA): the study shows a tendency to use a username and password to access the necessary services, bypassing existing security measures.
Statistics of in services
3. Forgotten Tokens: Users provide applications with tokens that are then often forgotten, creating a large attack surface.
4. Shadow AI: The beginning of 2023 was focused on AI tools, but then thousands of conventional SaaS applications integrated AI models. Almost all companies used artificial intelligence applications, which required consent to the updated terms of use of data.
Solving SaaS Security Issues in 2024:
The report ends on a positive note, listing ways to reduce the threat of SaaS supply chain compromise. Among them – continuous detection and management of shadow IT networks, elimination of incorrect SaaS settings in the first place, optimization of anomaly detection and monitoring of applications using AI.
For a complete list of findings, tips for safe use of SaaS, and a 2024 SaaS security forecast, please read the full report.
