Verizon 2024 DBIR: Three Takeaways for SaaS Security

Andrea Bailiff-Gush
Updated
May 13, 2024
November 29, 2024
5 min read

Verizon released its Data Breach Investigations Report (DBIR) earlier this month. For the uninitiated, this annual report is a comprehensive analysis of breaches from organizations of all sizes and industries, giving insights into trends and changes in the threat and security landscapes. 

The report is unusual for a few reasons. First, it is one of the largest and most comprehensive reports in the cybersecurity industry. Second, it is incredibly readable and funny. 

While the report is a font of insights and statistics, there were a few key takeaways in the world of SaaS security this year. 

Third party breaches are on the rise.

Third-party breaches rose by a staggering 68% from the prior year, with every indication that this number will continue to climb. Much of the increase was due to the wide-scale MOVEit breach, but it is also a harbinger of how modern threat actors conduct attacks. This is certainly unwelcome news for companies looking to increase productivity by adding more applications, each of which brings its own tangle of dependencies and exploitation possibilities.

The DBIR authors didn’t mince words when describing these third-party breaches: “In short, those are breaches an organization could potentially mitigate or prevent by trying to select vendors with better security track records.” Of course, this advice is easier said than done when major vendors such as Okta, WordPress, Salesforce, and countless others have all been successfully breached.

Takeaway: Companies are often faced with an impossible choice between being able to conduct business and finding a vendor with an impeccable security record, yet these dependencies on third-party applications are leading to more breaches every year. Understanding how to manage these third-party applications will be a growing concern for security teams.

Humans continue to be human. 

Almost two thirds of breaches involve the human element, which, boiled down to one word, essentially means “mistake.” Whether it’s clicking on a convincing phishing email, reusing a password, installing an application to help with a work task, or any of the other vectors threat actors use to access a system, these non-malicious mistakes are still the most exploited paths for threat actors.

Takeaway: We know that humans won’t ever stop making errors, but security professionals must not just encourage their users to adopt best practices such as MFA and robust password policies; they must enable them to do so, too. Adopting the principle of least privilege, and vetting third-party applications and their access requirements before widespread adoption, can also mitigate the human factor.

Visibility, Vetting, and Access Monitoring Are Key

With complex dependencies, human errors, and the rapid adoption of applications to stay competitive, it might seem like the only secure way to work these days is the pen and paper aisle at the local office supply shop. Before it comes to that, however, there are a few key ways security teams can help fortify their systems and businesses.

  1. Visibility: In order to secure what you have, you have to know what you have. Most companies have no idea how many applications they have connected, let alone have a formal vetting process for adding them. Ensuring your security teams have full visibility into the entire ecosystem – including third-party applications – will help reduce the risk from these growing threat vectors.
  2. Vetting: The DBIR authors gave blunt advice on adding applications: “Anything that adds to your attack surface on the internet can be targeted and potentially be the first foothold for an external threat actor, and as such, the focus should be to try to keep footholds to a minimum.” In other words, companies should implement screening processes when adding new applications to ensure they aren’t adding unnecessary access points for threat actors.
  3. Access Monitoring: Overprivileged users can cause major problems for companies. Since human errors are one of the most common access vectors for threat actors, ensuring those users don’t have more access than they need can help limit the effects of their mistakes. Understanding these privileges and monitoring them continuously can also help prevent threat actors from abusing them.
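The three points above describe one review loop: inventory every connected application (visibility), compare each grant against what was approved (vetting), and flag broad or dormant access (access monitoring). The script below is an added example of that loop, not code from the DBIR or from Reco. The CSV inventory format, the `VETTED_APPS` approval record, the `HIGH_IMPACT_SCOPES` set and the 90-day staleness threshold are all constructed for illustration; real SaaS platforms export different fields and use their own scope names.

```python
"""Third-party SaaS app review: visibility, vetting, and access monitoring.

Added example, not from the Verizon DBIR or from Reco. The inventory format,
the vetted-app list, and the high-impact scope set are all constructed for
illustration; real exports and scope names differ per SaaS platform.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed export of OAuth grants: which third-party app each user has
# connected, the scopes it was granted, and days since it was last used.
SAMPLE_INVENTORY = """app,user,scopes,last_used_days
expense-tool,alice@example.com,files.read,3
calendar-sync,bob@example.com,calendar.read calendar.write,12
pdf-magic,carol@example.com,files.readwrite.all mail.readwrite,200
calendar-sync,dave@example.com,calendar.read directory.readwrite,5
"""

# Vetting record (assumption): apps that passed review and the scopes approved for them.
VETTED_APPS: Dict[str, FrozenSet[str]] = {
    "expense-tool": frozenset({"files.read"}),
    "calendar-sync": frozenset({"calendar.read", "calendar.write"}),
}

# Scopes that grant broad read/write over mail, files, or the directory (assumption).
HIGH_IMPACT_SCOPES: FrozenSet[str] = frozenset(
    {"mail.readwrite", "files.readwrite.all", "directory.readwrite"}
)

# Grants unused for longer than this are flagged as dormant footholds (assumption).
STALE_AFTER_DAYS = 90


@dataclass(frozen=True)
class Grant:
    app: str
    user: str
    scopes: FrozenSet[str]
    last_used_days: int


@dataclass
class Finding:
    app: str
    user: str
    reasons: List[str]


def parse_inventory(text: str) -> List[Grant]:
    """Visibility: turn the exported CSV into grant records."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        Grant(
            app=row["app"].strip(),
            user=row["user"].strip(),
            scopes=frozenset(row["scopes"].split()),
            last_used_days=int(row["last_used_days"]),
        )
        for row in reader
    ]


def review_grant(grant: Grant) -> Optional[Finding]:
    """Vetting and access monitoring for one grant; None means no concern."""
    reasons: List[str] = []
    approved = VETTED_APPS.get(grant.app)
    if approved is None:
        reasons.append("unvetted application")
    else:
        # Approved app, but the user granted more than the vetting covered.
        extra = grant.scopes - approved
        if extra:
            reasons.append(f"scopes beyond approval: {sorted(extra)}")
    risky = grant.scopes & HIGH_IMPACT_SCOPES
    if risky:
        reasons.append(f"high-impact scopes: {sorted(risky)}")
    if grant.last_used_days > STALE_AFTER_DAYS:
        reasons.append(f"unused for {grant.last_used_days} days")
    return Finding(grant.app, grant.user, reasons) if reasons else None


def review_inventory(grants: List[Grant]) -> List[Finding]:
    """Run the review over the whole inventory, keeping input order."""
    return [f for f in (review_grant(g) for g in grants) if f is not None]


def unvetted_apps(grants: List[Grant]) -> Dict[str, int]:
    """Visibility summary: each unvetted app and how many users connected it."""
    counts: Dict[str, int] = {}
    for g in grants:
        if g.app not in VETTED_APPS:
            counts[g.app] = counts.get(g.app, 0) + 1
    return counts


if __name__ == "__main__":
    grants = parse_inventory(SAMPLE_INVENTORY)
    print("unvetted apps:", unvetted_apps(grants))
    for finding in review_inventory(grants):
        print(f"{finding.user} -> {finding.app}: {'; '.join(finding.reasons)}")
```

On the constructed inventory the review flags two grants: the unvetted `pdf-magic` app, which also holds broad mail and file scopes and has sat unused for 200 days, and a `calendar-sync` grant whose directory write scope goes beyond what vetting approved. The two clean grants produce no finding, which is the point of keeping an explicit approval record: alerts fire on deviation from what was reviewed, not on every connected app.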

Conclusion 

While the benefits of SaaS applications are undeniable from a business productivity perspective, organizations must be proactive in addressing these security concerns as their risks are growing exponentially. By understanding their full SaaS footprint, carefully evaluating new vendors, and adhering to least privilege access principles, companies can capitalize on SaaS applications while safeguarding against the changing threat landscape. 

Reco’s continual compliance, access monitoring, contextualized alerts, and third-party integrations can help companies stay ahead of the growing threats highlighted in the DBIR. You can learn more about how Reco addresses these threats here.

ABOUT THE AUTHOR

Andrea Bailiff-Gush

Andrea is the Head of Marketing of Reco, responsible for driving demand and growth in SaaS security. Andrea is a cyber security veteran, having supported various security companies across various growth milestones, from Seed round to acquisition. She is passionate about growing businesses and teams to drive profitable outcomes and better well-being for CISOs and security practitioners.

Technical Review by:
Gal Nakash