Misconfigured security settings in SaaS applications contribute to a significant 35% of all security breaches. However, the initial access vectors to SaaS data have expanded beyond misconfiguration management in the past 3 years [2] [3] [4]. This has led to a rise in SaaS security incidents, including data leaks [3], breaches [2] [3] [4], ransomware attacks [3], and malicious applications [3]. To combat this growing threat, organizations are increasingly planning to implement a SaaS Security Posture Management (SSPM) tool by September 2024.


A recent SaaS Security report highlights that 55% of organizations have encountered a SaaS security incident in the last two years [3]. These incidents encompass a range of threats, such as data leaks, breaches [2] [3] [4], ransomware attacks [3], and malicious applications [3]. To address this evolving threat landscape, organizations are recognizing the need for enhanced visibility into SaaS app users and the identification of third-party application integrations as a major attack vector. This is where the adoption of SSPM becomes crucial.

One particular concern is the rise of employee SaaS, where employees sign up for SaaS applications without following proper protocols [1]. This poses a significant security risk as it operates outside the purview of regular security controls. Cybercriminals can exploit this shadow IT by compromising endpoint accounts and bypassing network security measures. Additionally, the use of unvetted SaaS applications is common [1], with employees often engaging in the approval process after already using multiple apps [1]. This creates a large attack surface for attackers [1].

Password re-use is another major concern [1], with credential stuffing attacks becoming more prevalent. Attackers gain access to compromised accounts and then employ social engineering tactics [1], such as phishing, to target other employees. They often obtain long-term access tokens, enabling them to set up automations and steal sensitive information.

To address these new threat vectors, organizations must take proactive measures in their SaaS security strategies. The objective of the SaaS Security on Tap series is to educate organizations on the evolving threats in SaaS security.


The impact of misconfigured security settings and other SaaS security incidents cannot be underestimated. They can lead to data breaches, leaks [3], ransomware attacks [3], and the compromise of sensitive information. However, by implementing SSPM tools and adopting proactive security measures, organizations can mitigate these risks and enhance their overall security posture.

Looking ahead, it is crucial for organizations to stay informed about the evolving threats in SaaS security and continuously update their security strategies. By doing so, they can effectively protect their data, systems [2] [4], and users from the ever-growing threat landscape. The SaaS Security on Tap series aims to play a role in this education and awareness process, helping organizations stay one step ahead of cybercriminals.


[1] https://www.isc2.org/Insights/2023/10/SECURE-London-Securing-Employee-Adopted-SaaS-Apps
[2] https://vulners.com/thn/THN:D1582F77E2F11ECC0BF46EA38109B23E
[3] https://cybersocialhub.com/csh/the-fast-evolution-of-saas-security-from-2020-to-2024-told-through-video/
[4] https://thehackernews.com/2023/10/the-fast-evolution-of-saas-security.html