On September 13, 2024, Fortinet confirmed they had experienced a data breach where someone claimed to have stolen 440GB of data from Fortinet’s Sharepoint instance. The perpetrator then reportedly posted the stolen data, including user credentials, on the dark web.
Credit: Reddit, https://www.reddit.com/r/fortinet/comments/1ffykqd/fortibitch_hack_wow/
SaaS Applications Represent a Growing Attack Surface for Hackers
The widespread use of third party SaaS services has made SaaS applications an attractive target to threat actors. The Fortinet breach highlights that even security firms can be vulnerable, especially when using cloud-based SaaS tools like Microsoft’s SharePoint. Third-party shared file drives like SharePoint are especially interesting to hackers because of the sensitive data that is stored there; however, companies sometimes overlook securing these systems as stringent as on-premises infrastructure. In fact, Wing Security’s research across hundreds of companies found that:
- 85% of file shares have not been accessed in 6 months, yet people still have access to those files.
- ¼ of shared files are shared with the permission level of “anyone with the link.”
- 73% of organizations share company sensitive information outside the company.
Tips for Securing SaaS Applications
The use of SaaS applications is critical to the business so IT security teams need to have a strategy to enable SaaS usage in a secure manner. Here are some tips for ensuring secure SaaS application usage:
- Misconfigured access controls: security teams should ensure that file sharing permissions are strictly managed, especially externally. Limit access based on the principle of least privilege, ensuring only authorized personnel can access sensitive files.
- Use of Multi-Factor Authentication (MFA): strong access controls like MFA can prevent unauthorized access to cloud services, even if credentials are stolen.
- Monitoring for abnormal activity: regularly audit shared file drives to check who has access and monitor for unusual activity, such as large downloads or external access from unfamiliar IP addresses.
SaaS Security Posture Management (SSPM) tools are a great way to understand a company’s SaaS security posture and receive recommendations to improve it. They can provide real-time visibility into misconfigurations, third-party access, and data sharing activity across SaaS platforms, helping IT security teams to identify risks before they become breaches.