A look at the SaaS threat landscape in the year ahead
Breaches of consumer health, credit data, and military systems were among the most devastating in 2023 – evidence that no SaaS applications are immune from being compromised. To find out what next year holds, we asked 5 cybersecurity thought leaders to share their 2024 predictions.
SaaS breaches are increasing and attack vectors varying
A quick recap of this year: As of this publishing, the SaaS Breach Info Center reported on more than 30 major breaches in 2023, impacting more than 221,754,208 individuals, consumer accounts, and profiles as well as thousands of employees at affected organizations. Attack vectors behind these breaches included:
- Third-party breaches
- Compromised developer credentials
- Stolen source code
- Exposed encryption keys
- Misconfigurations
- Ransomware
- Hijacked Okta credentials
- Access to authenticator systems
Other incidents impacted business operations and the security of protected information. Identity-based attacks increased, and super admin accounts proved to be fruitful targets, giving attackers useful leverage by enabling initial access.
Overconfidence in controls can lead to a false sense of SaaS security
This year, we also surveyed over 600 security practitioners across the globe for the 2023 AppOmni State of SaaS Security Posture Management Report, and found a high degree of overconfidence and optimism about the security of their SaaS apps. This optimism contrasts with our findings from real-world deployments. In our research, we discovered that:
- 85% of respondents indicated that they are confident that their company and customer data is secure in their organizations’ SaaS applications.
- But 79% have suffered a SaaS cybersecurity incident in the last 12 months.
- 30% experienced data exposure and end-user permission vulnerabilities.
- Additionally, 60% of security teams have limited to no ability to monitor their SaaS-to-SaaS connections.
Although many organizations think their SaaS cybersecurity is mature – having deployed CASB, MFA, IdP, and MDM – they are grossly underestimating the extent of their SaaS attack surface risk and lack true unified risk visibility. It is encouraging, however, that 70% of organizations have identified SaaS cybersecurity as a top 3 security initiative for 2024.
Predictions for 2024 reveal SaaS cyber risk is expected to escalate
When inviting thought leaders to offer their predictions, we asked, “Will we see more of the same as in 2023?”; “How do you foresee things escalating?”; “Will threat actors continue going after identities?”; and “What will security leaders need to prepare for?”
Unsurprisingly, they had a lot to say. A recurring theme was that SaaS applications are becoming increasingly risky from a security standpoint.
Thought leaders also shared their apprehension about AI-driven security and attackers with AI-supported arsenals. Possible new cyber weapons, an influx of new security startups, and rampant misconfigurations were also mentioned. Our experts noted potential new targets and also emphasized the risks of inaction. In all, a consensus emerged – the industry at large isn’t prepared for what 2024 holds.
Here are the highlights (edited for flow and brevity).
Brendan O’Connor, CEO and Co-Founder at AppOmni: “Anyone with good intentions will connect AI to highly sensitive data they shouldn’t (e.g. PII, medical records, financial transactions) and it can go very wrong. While AI can be a force for good, securing data-hungry LLMs has not matured.
The more things change, the more they stay the same. In 2024, mega breaches will continue to have a profound impact on SaaS platforms, large institutions, and industries such as healthcare, consumer products, and automotive. Attackers will leverage the same tactics and techniques since they’ve proven to be successful.
Lastly, expect to see an arsenal of new cyber weapons. There’s a hierarchy of how these things reach the dark web. Military-grade exploits and espionage-motivated campaigns will work their way down to organized crime. Businesses must get ahead of this — those without a governance process will fall far behind if they do nothing.”
Andy Ognenoff, Managing Director and Global SaaS Security Lead at Accenture: “Given the public attention to high-profile SaaS security incidents we saw in 2023, we’re seeing an awakening in enterprise and platform security – SaaS still needs attention. 2024 is likely to be a continuation of the second half of 2023, where app owners are surprised when they realize that they haven’t outsourced all of their security responsibilities to SaaS vendors.
The general message we’re hearing from clients is that they need help gaining visibility into their SaaS portfolios and untangling or remediating long-standing issues. In some cases, issues that’ve been going on for years.
As far as attack techniques are concerned, identity-based attacks, especially token theft, are likely to continue to be a primary approach attackers use for the initial foot in the door of an organization. We’re going to see SaaS apps be increasingly popular targets given the strategic reliance on them for most enterprises.”
Joseph Thacker, Sr. Offensive Security Engineer at AppOmni: “AI security is going to get increasing focus in 2024 and AI being used for security will also ramp up. There will be numerous startups, potentially hundreds, focused on AI security. Also, every major application will incorporate AI features, a shift that will inevitably introduce new vulnerabilities.
Startups will appear for many domains. There will be AI SOC analysts who will handle alert triage, AI Ethical Hackers tasked with uncovering vulnerabilities, AI Code Review tools capable of identifying software bugs and suggesting automated fixes, and AI Social Engineering toolkits designed to enhance phishing efforts, to name just a few.
Allowing AI systems to make decisions is convenient. That means many products will incorporate it without adequate security testing. We will see where this leads really soon.”
John Grady, Principal Analyst at ESG Group: “The SaaS landscape is changing dramatically. This fact, coupled with new SEC cybersecurity reporting requirements, makes it almost certain that we’ll see multiple disclosures in 2024 of sizable data breaches that stemmed from the misconfiguration of connected, third-party SaaS applications.
SaaS is clearly ubiquitous, and yet many organizations still struggle with security. Security teams often don’t have visibility into third-party applications.
Enterprise Strategy Group research shows that 39% of organizations have already suffered data loss of cloud-resident sensitive data, while an additional 20% suspect that they have. SaaS applications were the target for 42% of organizations that suffered or suspected a cloud data loss event.
Notably, the most common contributing factor to these incidents wasn’t malware or advanced adversaries, but SaaS service misconfiguration – cited by 33% of organizations as the cause. In all, organizations using SaaS applications will probably have their confidence tested this upcoming year.”
Tim Bach, SVP of Security Engineering at AppOmni: “We’ve seen a steady uptick in recognition of SaaS as a major part of the enterprise attack surface in the last 5 years.
Also, threat hunters are focusing more on monitoring SaaS activity logs for signs of attackers and active exploitation. 2024 will likely be more of a spike than a linear increase, though, due to widely publicized SaaS-related attacks and research — for instance, KrebsOnSecurity reporting on ServiceNow.
Our own research team at AppOmni noted marked upticks in attack activity after publication of such research, indicating that this is on the minds of attackers. So, next year as always, hunters need to be vigilant about SaaS activity.”
Final thoughts and recommendations for improving SaaS security resilience
2024 could prove to be as eventful as 2023 – full of sizable disclosures, AI-driven breaches, third-party attacks, and misconfigurations. Unfortunately for security professionals, overconfidence appears to be creating widespread under-preparation for SaaS that could leave organizations vulnerable.
Next year could place the industry in a defensive position. Significant, unguarded attack surfaces are likely to attract opportunistic attacks involving SaaS that impact millions of consumer and organizational profiles. Proactively addressing cybersecurity risks will require informed, decisive action.
Taking action with these predictions as your guide helps your organization stay ahead of the biggest threats. The AppOmni Threat Research Team is continuously monitoring the cybersecurity landscape to support our customers’ and partners’ SaaS security posture. AppOmni helps your team detect and remediate potential SaaS vulnerabilities and threats. It does this through patented, continuous monitoring of your SaaS environment, not just at the point of SaaS adoption.