SaaS security breaches escalate, fuelling urgent defences push

The growing proliferation of cloud-based Software as a Service (SaaS) applications across enterprises has led to a heightened focus on security concerns, particularly in light of recent security breaches.

A recent report by Thales indicates that SaaS applications have become the top target for cyber attacks (31%), followed by cloud storage and cloud management solutions. With more than half of organisations reportedly using over 25 SaaS applications, securing these services has become incredibly complex and presents a significant challenge for security teams.

Noteworthy SaaS applications that are widely used include Microsoft 365, Snowflake, Databricks, Salesforce, and Google Workspace. As almost half of corporate data in the cloud is deemed sensitive, the increased usage of these applications has inadvertently expanded the attack surface, making them more appealing to cybercriminals.

Glenn Chisolm, Co-Founder of Obsidian, comments on the situation: "Having handled hundreds of SaaS incidents with our incident response partners, we see SaaS threats becoming a rising concern for organisations. SaaS breaches have grown fourfold in the last year. Identity factors account for over 80% of these breaches, driven by attacks like help desk social engineering, self-service password resets, or attacker-in-the-middle tactics."

Issues with the configuration, data security, and governance gaps are among the key contributors to these breaches. In light of these significant security challenges, the need for robust identity management practices and increased oversight cannot be overstated.

Bringing this issue to the fore, TeamViewer, a prominent provider of remote access and control software, has confirmed a data breach attributed to the hacker group Midnight Blizzard. The breach stemmed from an employee's compromised credentials, emphasising the role of identity security for SaaS applications.

Glenn Chisolm emphasised the role of identity compromise in such incidents, stating: "Identity compromise is a critical component in most breaches we see, accounting for over 80% of SaaS breaches.”

To mitigate the risk of identity compromise, Chisolm advises organisations to follow three core steps: centralise identity access behind an Identity Provider (IdP), ensure federated access with multi-factor authentication (MFA), and diligently monitor employee accounts for abnormal activities. These measures are crucial in protecting against threats such as spear-phishing and attacker-in-the-middle phishing.

In another recent breach, Rabbit, the artificial intelligence device, has come under scrutiny for a serious security flaw discovered in its system. A group of researchers, known as Rabbitude, found that the device contained hardcoded API keys, raising significant security risks. The investigators revealed that the keys, particularly those related to the ElevenLabs API, allowed potential access to all responses ever given by the R1 devices.

Richard Bird, Chief Security Officer at Traceable AI, remarked: "The power of APIs to create value and business benefit is clearly running headlong into a series of security problems that haven't been fixed for years. Basic key management issues are proving to be an enormous Achilles' heel for companies."

Tyler Shields, VP of Product Marketing at Traceable AI, echoed these concerns, noting the criticality of authentication and authorisation in API security. "Hardcoding keys into software is a recipe for disaster as it's only a matter of time before attackers reverse engineer those tokens," said Shields.

The growing number of high-profile breaches underscores the urgent need for advanced security measures, including identity security and authentication, as well as industry-wide cooperation to strengthen the defences against increasingly sophisticated cyber threats.