SAAS SECURITY
Repelling the threats
Cyberthreats to SaaS solutions are increasing in type and volume – thanks in part to AI – which means providers need to ensure that solutions stay as secure as possible.
While software-as-a-service (SaaS) solutions continue to grow in popularity among businesses of all sizes, so do the threats posed to them by cyber criminals. It is not just about number of threats – the types and complexity of them is increasing too. “SaaS threats are increasingly driven by identity abuse and social engineering rather than technical vulnerabilities,” says Alex Ruslyakov, Acronis channel chief. “ Acronis H1 2025 Cyberthreats Report shows that phishing now accounts for 52% of initial access in attacks targeting MSP-style environments, making it the dominant threat vector. “Attackers are exploiting stolen credentials, phishing links and legitimate- looking collaboration requests to gain access that appears trusted. Once inside, they can move quietly across SaaS platforms, often without triggering traditional security controls. “Critically, many SaaS breaches do not start in the SaaS platform itself. Poorly secured endpoints, unpatched tools and over-privileged accounts continue to provide attackers with an easy way in. SaaS security is only as strong as the identities, endpoints and integrations connected to it.”
Mike Puglia, general manager of Kaseya Labs, agrees that user account compromise and installation of third-party malicious applications is a big threat. “Account compromise grew at over 300% in 2025 compared to 2024,” he says. “Yet our research shows few organisations are taking even basic steps to protect their accounts: 50%+ of businesses do not have MFA enabled and adoption of phishing resistant passkeys barely scratches the surface. “Additionally, applications like Microsoft 365 and Google Workspace are commonly managed by IT, but most SaaS applications remain outside of their purview. Think of Salesforce, HubSpot, QuickBooks, Netsuite, Bamboo HR – they are typically managed by the line of business who may not understand secure access and privilege management.” Mike says that ‘the data’ now lives in SaaS products – from email to finance to HR – and presents an attractive target for attackers. “In 2025 we saw this shift – to take one example – thousands of major companies had their data in Salesforce compromised not because of a vulnerability in Salesforce, but because a widely used third party application was compromised and, in a separate attack
“
Attackers are exploiting stolen credentials, phishing links and legitimate-looking collaboration requests to gain access that appears trusted. Once inside, they can move quietly across SaaS platforms, often without triggering traditional security controls.
”
32
Powered by FlippingBook