Intruder on Jan. 10 posted a blog post that lays out four of the top security threats for SaaS apps in 2023.
The list covers web application weaknesses, misconfiguration mistakes, vulnerable software and patching, and weak internal security policies and practices.
Many SaaS apps come from small, growing companies, which often means their security is weak. That’s why the Intruder researchers say security teams need to deploy password managers, enable two-factor authentication, and offer security training to rank-and-file staff.
Craig Burland, chief information security officer at Inversion6, said the overall themes are spot on: cyber criminals will be busy in 2023 and security teams need to pay more attention to their cloud footprint.
Burland said misconfigurations in SaaS platforms are definitely an issue as users have great power to open access or enable services that create risk of compromise. Burland said many SaaS platforms actually come with features enabled by default that security teams should turn off before an organization starts any real use of the platform.
“These often take the form of unmanaged service accounts or cloud-to-cloud integrations rather than permissive firewalls,” Burland said. “Providing visibility into SaaS environments is an emerging space for security companies looking to help organizations minimize these unknown vulnerabilities. Finally, password managers and MFA are fantastic tools that individuals and organizations should use to reduce the risk of credential compromise. But that threat is not specific to SaaS applications. In today’s world, that threat is universal. The best way to protect yourself against a poor SaaS provider — or any other third-party — is thoroughly vetting their security posture before trusting them with your data.”
Mike Britton, chief information security officer at Abnormal Security, added that while MFA is an important security practice that helps prevent unauthorized access to accounts, it can give a false sense of security for two major reasons:
First, attackers are increasingly leveraging new techniques to bypass MFA protocols or using stolen sessions that can be purchased on the dark web. In some cases, as we saw in the recent Uber attack, they're simply wearing users down with push notifications until they provide the authentication needed for access. Second, solutions that provide MFA do not monitor the behavior or activities of an account once it has been authenticated.
“This is further exacerbated by the fact that the SaaS applications of today are all interconnected through the OAuth protocol, so once someone has access to one tool, they can move throughout the enterprise environment into any other connected application,” said Britton.