Nearly a third (31%) of global organizations suffered a data breach of their SaaS applications last year, as they struggled to gain visibility and control over their cloud environment, according to AppOmni.
The security vendor polled 644 enterprises with 2500+ employees in six countries – the US, the UK, France, Germany, Japan and Australia – to compile its State of SaaS Security 2024 Report.
The five percentage-point increase in the share of breached respondents this year could be explained by several contributing factors highlighted in the study.
These include:
- A lack of knowledge about cybersecurity posture: 72% of respondents claimed their organization has the most mature SaaS cybersecurity program rating, unchanged from the previous year
- A lack of cybersecurity accountability: 50% of respondents claimed responsibility for securing SaaS is down to the business owner, with just 15% saying it’s centralized in the cybersecurity team
- A lack of visibility into SaaS: 49% of respondents who frequently use Microsoft 365 claimed they have fewer than 10 applications connected to the platform. In reality, AppOmni’s aggregated data indicated there are 1000+ connections on average
- Poor policy enforcement: Although 90% of respondents said policies are in place to ensure only sanctioned apps are used, a third (34%) admitted these rules aren’t strictly enforced. That number is up 12% annually
Responding organizations said they worry most about lost IP (34%), reputational damage (30%) and breaches of customer data (27%). Just 32% are confident in the security of corporate or customer data stored in their SaaS apps, down from 42% last year.
AppOmni suggested three best practices to help mitigate SaaS data breach risk:
- Track data closely to help visualize the attack surface and prioritize specific sources of risk
- Enforce strong policy controls across apps containing sensitive data, with single sign-on (SSO) and multi-factor authentication (MFA) switched on by default
- Monitor apps continuously to prevent configuration drift