SAAS SECURITY
Keeping everything safe As the popularity of Software-as-a-Service grows, so do the number of attacks made on it by cybercriminals. Businesses – and resellers – need to be dynamic to ensure that systems remain as secure as possible.
Software-as-a-Service (SaaS) has grown hugely in recent years as businesses take advantage of the benefits of moving increasing amounts of work and data to the cloud. But with this move comes risks. The number of cyberthreats continues to grow at an alarming rate, and there is now widespread acknowledgement that it isn’t a case of if a business will be attacked, but when and SaaS is no exception. Glenn Chisholm, co-founder and CPO of Obsidian Security, says that as more business-critical information migrates to SaaS applications, they have become the primary target for attackers. “We are seeing a record number of attacks in this space. In just the past year, SaaS breaches have spiked by an alarming 300%, impacting major organisations like Microsoft and Okta,” he says. “However, the growing adoption of SaaS has expanded the attack surface,
with each new application introducing new potential vulnerabilities through misconfigurations, overprivileged access, and identity compromise.” One of the most popular tactics is spear phishing. “About one in three SaaS breaches result from these attacks,” Glenn says. “Because adversaries now have access to AI tools and phishing- as-a-service kits to improve their tactics, we’ve seen these sophisticated identity- based attacks routinely bypass traditional security measures like multi-factor authentication (MFA) or email security gateways (ESG). “A rules-based approach to detecting and responding to these threats will only produce a lot of noise and quickly become outdated. Building models based on actual threat actors and methodologies is the best strategy to stay ahead of these attacks.” Ian Cairns, director at TalkTalk Business, says that while SaaS enhances flexibility and productivity “it can also expose businesses to greater risk, due to potential data breaches, poor access controls and compliance issues. It’s important to follow best practices or get expert advice to mitigate any risks. “Cybercriminals are becoming more sophisticated, often operating as organised networks, which makes it difficult for businesses to stay ahead. In fact, 41% of IT leaders say securing cloud applications and devices is their biggest challenge. “To combat these evolving threats, businesses must partner with security specialists who are on the forefront of threat detection and prevention. Staying
Glenn Chisholm co-founder and CPO
obsidiansecurity.com
“
Because adversaries now have access to AI tools and phishing-as-a- service kits to improve their tactics, we’ve seen these sophisticated identity-based attacks routinely bypass traditional security measures...
”
CONTINUED
www.newsinthechannel.co.uk
21
Powered by FlippingBook