SaaS Breaches Surge 300% in a Year, Targeting Even Well-Secured Orgs
SaaS breaches have skyrocketed by 300% in the past year, with 85% starting from compromised identities. The healthcare sector was the hardest hit, experiencing 14% of these incidents. Sophisticated cybercriminals and nation states are targeting SaaS platforms to steal sensitive data, even from well-secured organizations.
The integrated nature of SaaS platforms allows threat actors to move freely across multiple apps once an identity is compromised. Adversary-in-the-middle (AiTM) attacks account for 39% of these incidents. SaaS breaches serve diverse objectives, from financial gain to espionage and strategic disruption.
In a recent high-profile case, cybercriminals compromised the cloud data warehousing app Snowflake, impacting over 160 companies, including telecoms giant AT&T, and extorting approximately $2.5m. Despite robust security measures, SaaS attacks are proving successful. In the Snowflake incident, multi-factor authentication (MFA) was not enabled, allowing access with just a valid username and password. Even the three largest companies have faced SaaS breaches outside the specified period, such as Microsoft's Azure Blob Storage misconfiguration in late 2022, which exposed sensitive customer data from over 65,000 clients in 111 countries.
Organizations are increasingly reliant on SaaS apps for critical operations, making them prime targets for cybercriminals. To mitigate risks, it's crucial to enable multi-factor authentication and implement robust security measures tailored to SaaS platforms. As SaaS breaches continue to surge, understanding and addressing these threats is vital for protecting sensitive data.