Dive Brief:
- Two-thirds of senior IT decision makers say the growing number of enterprise SaaS applications has led to more complexity and increased security risks in their organizations, according to data from Axonius.
- Limited time and resources, C-suite pressure to focus on other initiatives and staffing shortages are the key reasons security is falling behind in priority, respondents said. The company commissioned a survey of 500 leaders in the U.S., U.K and Europe during the first half of 2022.
- The data reflects continued enterprise reliance on SaaS applications, with nearly three-quarters of respondents saying more than half of their applications are now SaaS-based. Two-thirds say their organization is spending more on SaaS applications year over year.
Dive Insight:
More critical company processes and data flow through the digital realm than ever before.
Threat actors are capitalizing on this shift by directing sophisticated attacks against technology companies, in a push to compromise business tools and gain access to more organizations.
Earlier this month, attackers successfully breached communications company Twilio, accessing customer data which was later used to breach software maker Okta.
Attackers are looking to compromise targets with massive downstream ecosystems such as Twilio's customer base, said Abhay Bhargav, CEO, chief research officer and founder at AppSecEngineer.
"It's important for organizations to include these SaaS tools as part of their threat models and actively consider incident response with this in mind," said Bhargav in an email.
The SaaS attack surface is massive. The average company has 500-2,000 users uploading, creating, sharing or storing data in 138 different apps, according to data from Netskope.
Further complicating risk is the fact some enterprise end-users turn to their personal devices for company business. Nearly one-quarter of enterprise users upload, create, share or store data in personal apps and personal instances, Netskope found.
