Close to a third (31%) of organizations worldwide suffered a data breach in their SaaS applications last year as they struggled to gain visibility and control over their cloud environments, according to AppOmni.
For its State of SaaS Security 2024 Report, the security vendor polled 644 businesses with more than 2500 employees in six countries: the United States, the United Kingdom, France, Germany, Japan, and Australia.
The five percentage-point increase in the share of breached respondents this year could be explained by a few contributing factors highlighted in the report.
These include:
• A lack of understanding of cybersecurity posture: 72% of respondents claimed their organization has the most mature SaaS cybersecurity program rating, unchanged from the previous year.
• No accountability for cybersecurity: half of respondents said responsibility for securing SaaS lies with the business owner, with just 15% saying it is centralized in the cybersecurity team.
• A lack of visibility into SaaS: 49% of respondents who regularly use Microsoft 365 said they have fewer than 10 applications connected to the platform. In reality, AppOmni’s aggregated data indicated there are 1000+ connections on average.
• Poor policy implementation: Although 90% of respondents said policies are in place to ensure only approved applications are used, a third (34%) admitted these rules aren’t strictly enforced. That figure is up 12% annually.
Responding organizations said they worry most about lost IP (34%), reputational harm (30%) and breaches of customer data (27%). Just 32% are confident in the security of corporate or customer data stored in their SaaS apps, down from 42% last year.
AppOmni suggested three best practices to help mitigate SaaS data breach risk:
1. Track data closely to help visualize the attack surface and prioritize specific sources of risk.
2. Single sign-on (SSO) and multi-factor authentication (MFA) should be enabled by default in all applications that store sensitive data.
3. Monitor apps continuously to prevent configuration drift.