The Expanding SaaS Attack Surface

SaaS apps are great, and used far and wide, but they do expand the overall attack surface, and that needs to be addressed.

With technology constantly evolving and sophisticated security strategies in place, you’d think that organizations would be better able to defend themselves against threat actors, and that attacks would be less effective.

However, a growing dependence on SaaS apps in daily workflows, together with behind-the-scenes app connections, means that your business’s potential attack surface is actually expanding rapidly, making companies more vulnerable to attacks. There is an exploding number of access points through which unauthorized users can reach and steal data, thanks to increased connectivity (such as App2App connections) and other factors.

According to Gartner, attack surface expansion was the number one cybersecurity trend for 2022.

Security-as-a-Service Isn’t Fail-Safe

Security-as-a-Service (SECaaS) is growing in popularity, and that means more and more organizations are outsourcing their SaaS application security to external providers. While this model does provide some peace of mind and helps take the burden off a company’s security teams, it also comes with some hidden dangers.

Misconfigurations and insider threats originating at the SECaaS provider can lead to data breaches. Because responsibility for security rests primarily with an external company, there may be a scenario in which nobody at the organization has full control over its SecOps.

Another major issue around SECaaS is the common misconception that most big-name SaaS apps are inherently secure. Thanks to the reputation associated with well-known providers and the effect of brand recognition, some companies may assume that robust security standards are in place – but that’s not always the case. Just because a major provider is involved does not mean that its apps or systems are as secure as can be.

In March 2022, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that threat actors were able to infiltrate an NGO’s cloud via a misconfigured account set to a default MFA. These threat actors were able to exploit a vulnerability within Cisco’s Duo MFA, proving that being an industry titan does not mean immunity to breaches.

Changes In Supply-Chain Vendors Can Be Risky

Due to the massive disruption caused by ongoing global events such as the coronavirus pandemic, the Russia-Ukraine conflict, and widespread inflation, the supply chain has been rocked and many businesses are struggling to keep up.

“Against such a volatile backdrop…companies face enormous risks and significant pressure in terms of business disruptions, security and safety of infrastructure, theft or loss of confidential data and a barrage of cybercrime including ransomware and other forms of malicious cyberattacks,” explains Steve Durbin, the managing director of the Information Security Forum (ISF).

Organizations have needed to adjust and amend their supply chains in order to keep their businesses going. This reshuffling, however, provides an opportunity for threat actors.

Additional vendors may end up being brought on board too quickly in order to fill the gaps, with standard security checks rushed or missed in the interest of moving forward as fast as possible.

It’s critical that businesses still remember to thoroughly vet any potential new or alternative vendors. As tempting as it may be, speed can never trump security.

Rapidly Growing SaaS App Usage

Most organizations are aware of only a small percentage of the SaaS apps that their employees use. And when it comes to remote and hybrid workers, an organization’s visibility into the solutions used by its team and the accompanying SaaS application security threats is even lower.

The increasing number of SaaS applications that connect to third (and fourth) parties materially increases the attack surface, giving threat actors an expanding area to attack and new opportunities through which to attempt a breach.

SaaS app security is mission critical – organizations that don’t invest in robust protection and ensure their SaaS security requirements are met are essentially risking it all. Notably, smaller businesses are 3 times more likely to be targeted than large enterprises, partially due to the perception that they have smaller budgets and less manpower specifically dedicated to SaaS application security.

In January 2022, access and identity management platform Okta revealed that one of its third-party vendors had been successfully breached by extortion-focused cybercriminals. Because Okta connects an organization’s internal SaaS apps, like Slack, Gmail, and Salesforce, through a single login, its customers were understandably fearful about the implications of the breach.

Although the Okta breach ended without major damage to its customers, the event still served as an industry-wide wake-up call that no company is immune from the risks of a breach or a cyberattack.

The Key To Mitigating An Expanding Attack Surface? Automation and Continuous Discovery

With so many moving parts in play, manually reviewing apps, permissions, and other components of the environment is time-consuming. Wing Security provides organizations with automated SaaS security built on continuous discovery, which gives you a complete, big-picture overview of your SaaS environment, 24/7. Wing provides the critical information needed to prevent breaches before they happen and to respond to potential threats in real time. To learn more about the best practices for SaaS security and why it is taking off, check out our eBook.
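To make the "review apps and permissions" step concrete, here is an added example (not Wing Security's code or product logic) of what an automated review of App2App OAuth grants can look like. The inventory format, the scope names, the 90-day staleness threshold and the reference date are all assumptions for illustration; a real SaaS platform exposes its grants through its own admin API, and its scope names differ.

```python
"""Automated review of SaaS app-to-app (OAuth) grants.

Added example; not Wing Security's code. The inventory format and the
risk rules below are assumptions for illustration: real SaaS platforms
expose grants through their own admin APIs, and scope names differ per
provider.
"""
from datetime import date, timedelta

# Scopes that grant broad access to data; treated as high impact.
# (Illustrative names, not tied to any one provider.)
HIGH_IMPACT_SCOPES = {
    "mail.read_all",
    "files.read_write_all",
    "directory.read_all",
    "admin.write",
}

# Days after which an unused grant is considered stale (assumed policy value).
STALE_AFTER_DAYS = 90

# Fixed reference date so the constructed sample gives stable results.
REFERENCE_DATE = date(2024, 6, 1)

# Constructed sample inventory: what a continuous-discovery job might pull
# from an identity provider's OAuth grant listing.
SAMPLE_GRANTS = [
    {"app": "team-calendar-sync", "publisher_verified": True,
     "scopes": ["calendar.read"], "last_used": "2024-05-20",
     "approved": True},
    {"app": "pdf-exporter", "publisher_verified": False,
     "scopes": ["files.read_write_all"], "last_used": "2024-01-03",
     "approved": False},
    {"app": "hr-directory-bridge", "publisher_verified": True,
     "scopes": ["directory.read_all", "mail.read_all"],
     "last_used": "2024-05-28", "approved": True},
    {"app": "old-survey-tool", "publisher_verified": True,
     "scopes": ["profile.read"], "last_used": "2023-11-01",
     "approved": False},
]


def assess_grant(grant, today=REFERENCE_DATE):
    """Return a list of (severity, reason) findings for one grant."""
    findings = []
    last_used = date.fromisoformat(grant["last_used"])
    # Broad scopes are the main driver of blast radius if the app is compromised.
    broad = sorted(set(grant["scopes"]) & HIGH_IMPACT_SCOPES)
    if broad:
        findings.append(("high", f"broad scopes: {', '.join(broad)}"))
    if not grant["publisher_verified"]:
        findings.append(("medium", "publisher not verified"))
    # Shadow apps: discovered grants that never went through vendor vetting.
    if not grant["approved"]:
        findings.append(("medium", "app not in approved inventory"))
    idle = today - last_used
    if idle > timedelta(days=STALE_AFTER_DAYS):
        findings.append(("low", f"unused for {idle.days} days"))
    return findings


def review_inventory(grants, today=REFERENCE_DATE):
    """Assess every grant; return {app: findings} only for apps with findings."""
    report = {}
    for grant in grants:
        findings = assess_grant(grant, today)
        if findings:
            report[grant["app"]] = findings
    return report


def highest_severity(findings):
    """Worst severity among a grant's findings, or None if it is clean."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((sev for sev, _ in findings), key=order.get, default=None)


if __name__ == "__main__":
    for app, findings in review_inventory(SAMPLE_GRANTS).items():
        print(f"{app} [{highest_severity(findings)}]")
        for sev, reason in findings:
            print(f"  - {sev}: {reason}")
```

Run as a script it prints one block per flagged app; the clean `team-calendar-sync` grant is omitted. The point of the rules is the combination: a broad scope on an unverified, unapproved app that nobody has used in months is exactly the kind of grant that widens the attack surface while staying invisible to a manual review.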
