
It’s easy to think that high-tech companies have a security advantage over older, more mature industries. Most of those industries are held back by 40-year-old systems and software. Tech companies, by contrast, attract some of the youngest, brightest digital natives in the world to their ranks, all of whom have been considering cybersecurity issues throughout their lives.
Perhaps it is their familiarity with technology that causes them to overlook SaaS security configurations. During the last Christmas holiday season, Slack had some private code stolen from its GitHub repository. According to Slack, the stolen code did not affect production, and no customer data was taken.
Still, the breach should serve as a warning sign to other tech companies. Stolen tokens allowed threat actors to access the GitHub instance and download the code. If this type of attack can happen to Slack on GitHub, it can happen to any high-tech company. Tech companies need to take SaaS security seriously to prevent resources from being leaked or stolen.
App Breaches: A Recurring Story
Slack’s mishap with GitHub wasn’t the first time a GitHub breach occurred. Back in April, an OAuth token was stolen from Heroku and Travis CI-maintained OAuth applications, leading to an attacker downloading data from dozens of private code repositories.
MailChimp, a SaaS app used to manage email campaigns, experienced three breaches over 12 months spanning 2022-23. Customer data was stolen by threat actors, who used this data in attacks against cryptocurrency companies.
SevenRooms had more than 400GB of sensitive data stolen from its CRM platform, PayPal informed customers in January that unauthorized parties were accessing accounts with stolen login credentials, and Atlassian saw employee data and company data exposed in a February breach.
Clearly, technology companies are not immune to data breaches. Protecting their proprietary code, customer data and employee records stored in SaaS applications should be a top priority.
Reliance on SaaS applications
A strong SaaS security posture is important for any business, but it is especially important for organizations that store their proprietary code in SaaS applications. This code is especially tempting to threat actors, who want nothing more than to monetize their efforts and ransom the code back to its creators.
Tech companies also tend to rely on a large number and mix of SaaS applications, from collaboration platforms to sales and marketing tools, legal and finance, data warehouses, cybersecurity solutions, and much more, which makes it even more challenging to secure the entire stack.
Tech employees depend heavily on SaaS apps to do their daily work; this requires security teams to strictly regulate identities and their access. Moreover, these users tend to log into their SaaS apps through different devices to maintain efficiency, which can pose a risk to the organization depending on each device’s hygiene level. In addition, technical staff tend to connect third-party applications to the core stack without thinking twice, granting these apps high-risk access.
Learn how Adaptive Shield can help you secure your entire SaaS stack.
SaaS access control after layoffs
The high-tech industry is known for periods of hyper-growth, followed by downsizing. In recent months, we’ve seen Facebook, Google, Amazon, Microsoft, LinkedIn, Shopify and others announce layoffs.
Removing departed employees from SaaS applications is a critical element of data security. While much of employee offboarding is automated, SaaS applications that are not connected to the corporate directory do not automatically remove access. Even those applications that are connected may have admin accounts that sit outside of the company’s SSO. While the primary SSO account can be disconnected, the user’s admin access through the app’s own login screen often remains available.
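The offboarding gap described above can be checked by reconciling the HR termination list against each app's user export. The following Python sketch is an added example, not code from the article or from any vendor; the record fields, app names and sample accounts are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    app: str
    email: str
    role: str     # "admin" or "member"
    auth: str     # "sso", or "local" for a password on the app's own login screen
    active: bool

# Constructed sample data; in practice these come from HR and per-app user exports.
TERMINATED = {"dana@example.com", "lee@example.com"}
DIRECTORY_CONNECTED = {"code-host", "crm"}   # apps provisioned from the directory
ACCOUNTS = [
    Account("code-host", "dana@example.com", "admin", "local", True),
    Account("code-host", "dana@example.com", "member", "sso", False),
    Account("crm", "lee@example.com", "member", "sso", False),
    Account("design-tool", "lee@example.com", "member", "local", True),
    Account("code-host", "sam@example.com", "admin", "sso", True),
]

def find_lingering_access(terminated, connected_apps, accounts):
    """Return (app, email, role, reason) for active accounts of departed users."""
    terminated = {e.lower() for e in terminated}
    findings = []
    for acct in accounts:
        if not acct.active or acct.email.lower() not in terminated:
            continue
        if acct.app not in connected_apps:
            reason = "app not connected to corporate directory"
        elif acct.auth == "local":
            reason = "local login outside SSO"
        else:
            reason = "SSO account still active"
        findings.append((acct.app, acct.email, acct.role, reason))
    # Admin accounts first: they carry the most access and are revoked first.
    findings.sort(key=lambda f: (f[2] != "admin", f[0], f[1]))
    return findings

if __name__ == "__main__":
    for finding in find_lingering_access(TERMINATED, DIRECTORY_CONNECTED, ACCOUNTS):
        print(*finding, sep=" | ")
```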
Organic Hyper Growth and M&As
At the same time, the industry is rife with mergers and takeover announcements. As a result of M&As, the acquiring company must create a baseline for SaaS security and monitor all SaaS stacks of merged or acquired companies while enabling business continuity. Whether the hypergrowth is organic or through an M&A, organizations need to be able to ensure access is just right for their users, at scale and fast.
Identity Threat Detection & Response
The majority of data breaches affecting tech companies stem from stolen credentials and tokens. The threat actor enters the system through the front door, using valid user credentials.
Identity Threat Detection and Response (ITDR) picks up suspicious events that would otherwise go unnoticed. An SSPM (SaaS Security Posture Management) solution with threat detection engines in place will alert when there is an Indicator of Compromise (IOC). These IOCs are based on the intersection of activities such as user geolocation, time, frequency, recurring login attempts, excessive activities and more.
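The idea of alerting on an intersection of signals, rather than on any single one, can be shown over a few audit events. This Python sketch is an added example and not the detection logic of any SSPM product; the event format, thresholds, working hours and baseline are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit events: (UTC time, user, country, action, outcome).
EVENTS = [
    ("2023-01-09T10:02:00", "ana", "US", "login", "ok"),
    ("2023-01-09T10:15:00", "ana", "US", "repo.download", "ok"),
    ("2023-01-09T23:30:00", "kim", "DE", "login", "ok"),
    ("2023-01-10T02:11:00", "raj", "BR", "login", "fail"),
    ("2023-01-10T02:11:20", "raj", "BR", "login", "fail"),
    ("2023-01-10T02:11:45", "raj", "BR", "login", "fail"),
    ("2023-01-10T02:12:10", "raj", "BR", "login", "ok"),
] + [("2023-01-10T02:%02d:00" % m, "raj", "BR", "repo.download", "ok")
     for m in range(13, 19)]
# Countries previously seen for each user (assumed to come from login history).
BASELINE = {"ana": {"US"}, "kim": {"DE"}, "raj": {"IN"}}

def detect(events, baseline, min_signals=2, fail_limit=3, window_s=300, dl_limit=5):
    """Return {user: [signals]} for users with at least min_signals distinct signals."""
    signals = defaultdict(set)
    fails = defaultdict(list)
    downloads = defaultdict(int)
    for ts, user, country, action, outcome in sorted(events):
        t = datetime.fromisoformat(ts)
        if country not in baseline.get(user, set()):
            signals[user].add("new_geolocation")
        if action == "login" and outcome == "ok" and not 6 <= t.hour < 22:
            signals[user].add("off_hours_login")
        if action == "login" and outcome == "fail":
            # Keep only failures inside the sliding window, then add this one.
            recent = [f for f in fails[user] if (t - f).total_seconds() <= window_s]
            fails[user] = recent + [t]
            if len(fails[user]) >= fail_limit:
                signals[user].add("repeated_login_failures")
        if action == "repo.download" and outcome == "ok":
            downloads[user] += 1   # counted over the whole batch, not windowed
            if downloads[user] > dl_limit:
                signals[user].add("excessive_downloads")
    # A single signal (one late login) is noise; the intersection is the IOC.
    return {u: sorted(s) for u, s in signals.items() if len(s) >= min_signals}

if __name__ == "__main__":
    print(detect(EVENTS, BASELINE))
```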
Securing SaaS for High Tech
Maintaining a high SaaS security posture is challenging for high-tech companies, which may believe they are equipped and well trained to prevent SaaS attacks. SaaS Security Posture Management is essential to prevent SaaS breaches, while an SSPM with ITDR capabilities will go a long way in ensuring your SaaS data is secure.