
The Increasing SaaS Usage Expands the Attack Surface


According to a recent report by Valence Threat Labs, organizations are facing increased cybersecurity risks due to the growing reliance on software-as-a-service (SaaS) applications. This shift to cloud services, coupled with a remote or hybrid workforce and increased use of third-party partners and contractors, has made organizations more vulnerable to attacks targeting insecure default configurations and weakly secured identities.

Over the past year, attackers have exploited weaknesses in how SaaS applications are deployed and connected to gain unauthorized access to critical business applications such as GitHub, Microsoft 365, Google Workspace, Slack, and Okta. They have attempted to intercept OAuth tokens, bypass multifactor authentication schemes, and exploit misconfigured systems and applications.

The Valence Threat Labs report highlights several ways in which SaaS usage exposes organizations to attack. One key area for improvement is tracking abandoned applications, files, and user accounts. The report found that 51% of an organization's SaaS third-party integrations are inactive, indicating a lack of oversight and management. Additionally, 90% of shared assets (files and folders shared with external collaborators) have not been accessed for at least 90 days, which means most external access is standing access that nobody is using or reviewing.

Another concerning finding is that, on average, one in eight employee accounts is dormant, meaning the user has left the company or is no longer active. This presents a significant risk, since an inactive account still holds its credentials and permissions and can be taken over by an attacker without anyone noticing. Furthermore, the report reveals that 10% of an organization's shared integrations and data actually belong to ex-employees, highlighting the importance of proper offboarding procedures.

The increasing interconnectedness of SaaS applications has also contributed to the heightened risks. The report notes that applications now function as an ecosystem, with shared data and identities. However, this integration has resulted in applications having excessive privileges and data sharing being out of control. For instance, 100% of organizations grant full read/write access to email, files, and calendar to at least one third-party tool or service. Additionally, there are on average 21 integrations per organization with tenant-wide access to company and employee data.

Another concerning finding is that 30% of file shares go to personal (consumer) accounts, potentially exposing sensitive data to unauthorized individuals outside the organization's control. The report also highlights that there are, on average, 54 shared resources per employee and 193,000 shared resources per company. Many of these shared resources sit idle, increasing the attack surface for potential breaches.

To mitigate these risks, organizations need to regularly review and remove unused integrations and revoke unnecessary sharing permissions. The report recommends automatically revoking data shares after a certain time period, such as 30 days, to minimize the potential for unauthorized access. Additionally, user accounts should be deactivated promptly when employees leave the company, so that no lingering access remains.

Lifecycle management is crucial to ensure business processes remain intact when an employee departs and their account is deactivated. By implementing better oversight and management of SaaS applications, organizations can reduce the likelihood of cyberattacks and protect their critical business systems and data.
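The findings on excessive integration privileges and the review-and-revoke recommendations above can be turned into a repeatable audit. The following is an added example, not code from the report or from Valence; it runs over a constructed inventory shaped like a normalised export from a SaaS admin API (user list, external file shares, installed OAuth integrations). The thresholds, the corporate and consumer domains, and the inventory records are assumptions for illustration. The Google OAuth scope URIs and Microsoft Graph permission names in the broad-scope list are real, but the list is a starting point, not a complete catalogue.

```python
import json
from datetime import datetime, timezone

# Constructed "current time" so the example is deterministic offline.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
STALE_DAYS = 90    # report: 90% of external shares untouched for 90+ days
REVOKE_DAYS = 30   # report: auto-revoke shares after about 30 days
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed consumer domains

# Scopes that grant full read/write to mail, files or calendar
# (Google OAuth scope URIs and Microsoft Graph permission names).
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/calendar",
    "Mail.ReadWrite", "Files.ReadWrite.All", "Calendars.ReadWrite",
}

# Constructed inventory (hypothetical users, shares and apps), not real data.
USERS = [
    {"email": "alice@example.com", "status": "active",     "last_login": "2024-02-28"},
    {"email": "bob@example.com",   "status": "active",     "last_login": "2023-10-01"},
    {"email": "carol@example.com", "status": "terminated", "last_login": "2023-11-15"},
]
SHARES = [
    {"id": "f1", "owner": "alice@example.com", "target": "partner@vendor.io",
     "created": "2024-02-20", "last_accessed": "2024-02-25"},
    {"id": "f2", "owner": "bob@example.com",   "target": "bob.personal@gmail.com",
     "created": "2023-09-01", "last_accessed": None},
    {"id": "f3", "owner": "carol@example.com", "target": "auditor@firm.co",
     "created": "2023-11-01", "last_accessed": "2023-11-10"},
]
INTEGRATIONS = [
    {"app": "CalendarSync", "installed_by": "alice@example.com", "tenant_wide": False,
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"], "last_used": "2024-02-27"},
    {"app": "MailBot",      "installed_by": "carol@example.com", "tenant_wide": True,
     "scopes": ["https://mail.google.com/"], "last_used": "2023-12-01"},
    {"app": "DriveBackup",  "installed_by": "bob@example.com",   "tenant_wide": False,
     "scopes": ["https://www.googleapis.com/auth/drive"], "last_used": None},
]


def _age_days(date_str, now=NOW):
    """Days since an ISO date; None (never happened) is treated as infinitely old."""
    if date_str is None:
        return float("inf")
    return (now - datetime.fromisoformat(date_str).replace(tzinfo=timezone.utc)).days


def dormant_accounts(users=USERS, now=NOW, days=STALE_DAYS):
    """Accounts to deactivate: terminated users, or no sign-in for `days`."""
    return sorted(u["email"] for u in users
                  if u["status"] != "active" or _age_days(u["last_login"], now) > days)


def stale_shares(shares=SHARES, now=NOW, days=REVOKE_DAYS):
    """Shares not accessed within `days`; a never-accessed share ages from its creation date."""
    return [s["id"] for s in shares
            if _age_days(s["last_accessed"] or s["created"], now) > days]


def personal_account_shares(shares=SHARES, personal=PERSONAL_DOMAINS):
    """Shares whose recipient is a consumer mailbox rather than a business domain."""
    return [s["id"] for s in shares
            if s["target"].rsplit("@", 1)[-1].lower() in personal]


def orphaned_assets(shares=SHARES, integrations=INTEGRATIONS, users=USERS):
    """Shares and integrations still owned by users who are no longer active."""
    active = {u["email"] for u in users if u["status"] == "active"}
    return {
        "shares": [s["id"] for s in shares if s["owner"] not in active],
        "integrations": [i["app"] for i in integrations if i["installed_by"] not in active],
    }


def risky_integrations(integrations=INTEGRATIONS, now=NOW, days=STALE_DAYS, broad=BROAD_SCOPES):
    """Integrations that are tenant-wide, hold broad scopes, or have been unused for `days`."""
    findings = {}
    for i in integrations:
        reasons = []
        if i["tenant_wide"]:
            reasons.append("tenant-wide")
        if broad & set(i["scopes"]):
            reasons.append("broad scopes")
        if _age_days(i["last_used"], now) > days:
            reasons.append("inactive")
        if reasons:
            findings[i["app"]] = reasons
    return findings


def revocation_plan(now=NOW):
    """Combine the checks into one actionable list for a periodic review."""
    orphaned = orphaned_assets()
    return {
        "deactivate_users": dormant_accounts(now=now),
        "revoke_shares": sorted(set(stale_shares(now=now)) | set(personal_account_shares())
                                | set(orphaned["shares"])),
        "review_integrations": sorted(set(risky_integrations(now=now)) | set(orphaned["integrations"])),
    }


if __name__ == "__main__":
    print(json.dumps(revocation_plan(), indent=2))
```

In a real deployment the three inventories would come from the identity provider and the SaaS admin APIs (for example Google Workspace's Drive and Admin SDK reports, or Microsoft Graph), and the plan would feed the matching revoke and deactivate calls rather than being printed. Note the two different thresholds: shares are revoked after 30 days of non-use, as the report suggests, while accounts and integrations use the 90-day window the report used to measure staleness, since cutting off a working integration is more disruptive than re-issuing a file share.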

In conclusion, the increasing reliance on SaaS applications has exposed organizations to heightened cybersecurity risks. Attackers are targeting insecure configurations and weak identities to gain unauthorized access to critical business applications. By addressing abandoned applications, idle data sharing, and dormant user accounts, organizations can shrink their attack surface and better protect their sensitive information. Regular assessment, revoking unnecessary privileges, and prompt deactivation of departed users' accounts are the key steps.
