SaaS Data Breaches on the Rise

SaaS is an integral part of the IT infrastructure for companies of all sizes nowadays. This model lets employees access useful software tools via the cloud, and it powers everything from customer relationship management and financial tracking to team collaboration and data analytics. But with SaaS solutions integrating deeper into every department, the doors to sensitive information are multiplying—SaaS data breaches are on the rise.  

While many SaaS platforms boast robust built-in security features, beneath the surface, the rapid growth and complexity of these platforms often outpace the security measures businesses have in place. Read on to learn more about the cybersecurity risks among SaaS platforms.  

The Trend of Increased SaaS Breaches 

First, a look at some numbers that capture this trend. A 2024 report into SaaS security found that 31% of surveyed organizations experienced a SaaS data breach within the last 12 months. This stat alone paints a bleak picture of SaaS security given that SaaS solutions accounted for over 70% of software used by companies in 2023 (and 78% of organizations store sensitive data in SaaS applications). 

So, what are the key factors driving the rising SaaS data breaches?

SaaS Misconfigurations

SaaS tools serve various important functions for your business, but each SaaS platform has its own architecture, security controls and permissions structure. Admins might lack in-depth knowledge of how to configure these securely across multiple different SaaS apps, leading to dangerous gaps. It’s not always just a knowledge issue, though; mishaps in configurations become more likely when using lots of different apps.  

Misconfigurations involve settings such as multi-factor authentication (MFA) enforcement, API endpoints, feature toggles and integration settings, any of which attackers can exploit. Additionally, data shared in projects (e.g., via Google Drive, Dropbox or OneDrive) is accessible through links or permissions, and a misconfiguration might make these files accessible to anyone with a link or to external accounts.

Early in 2024, news emerged that Home Depot suffered a data breach that resulted in information belonging to 10,000 employees being uploaded to a hacking forum. Home Depot was not at fault; the breach was caused by a misconfiguration in a third-party SaaS vendor that had access to this data. The incident was a double whammy of supply chain compromise and SaaS misconfiguration.

Mitigation tip: Automated monitoring tools like SaaS Security Posture Management (SSPM) can be useful in reducing this risk. SSPM tools analyze the security configurations within each of your SaaS apps. Also conduct periodic reviews of shared links and external collaboration settings to revoke unnecessary access. 
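
A small version of the periodic sharing review described in the tip above, as an added example that is not from the original post or from any vendor's tool. The record fields, the `INTERNAL_DOMAINS` set and the sample export are constructed assumptions; real exports from Google Drive, Dropbox or OneDrive use their own schemas and need mapping first.

```python
# Added example: review a sharing-permission export for risky grants.
# Field names and sample rows are constructed; map them from your platform's export.
INTERNAL_DOMAINS = {"example.com"}  # assumption: your organization's domains

SAMPLE_EXPORT = [  # constructed sample data
    {"file": "payroll-2024.xlsx", "grantee_type": "anyone", "grantee": "", "role": "viewer"},
    {"file": "roadmap.docx", "grantee_type": "user", "grantee": "pm@example.com", "role": "editor"},
    {"file": "vendor-list.csv", "grantee_type": "user", "grantee": "bob@partner.test", "role": "editor"},
    {"file": "handbook.pdf", "grantee_type": "anyone", "grantee": "", "role": "editor"},
    {"file": "notes.txt", "grantee_type": "user", "grantee": "Ann@Example.com", "role": "viewer"},
]

def classify(record, internal_domains=INTERNAL_DOMAINS):
    """Return (severity, reason) for a risky grant, or None if it is internal."""
    writable = record["role"].lower() in {"editor", "owner"}
    if record["grantee_type"] == "anyone":
        # Link sharing: no account needed, so write access is the worst case.
        return (3 if writable else 2, "anyone with the link")
    # Works for user grants (a@b) and domain grants (b) alike.
    domain = record["grantee"].rpartition("@")[2].lower()
    if domain not in internal_domains:
        return (2 if writable else 1, f"external account ({domain or 'unknown'})")
    return None

def review(records):
    """List risky grants, highest severity first, for revocation review."""
    findings = []
    for rec in records:
        verdict = classify(rec)
        if verdict:
            severity, reason = verdict
            findings.append({"file": rec["file"], "severity": severity, "reason": reason})
    return sorted(findings, key=lambda f: (-f["severity"], f["file"]))

if __name__ == "__main__":
    for f in review(SAMPLE_EXPORT):
        print(f"[sev {f['severity']}] {f['file']}: {f['reason']}")
```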

Overly Permissive Access

The principle of least privilege is such a staple in information security because when users have more access than necessary, breaches and unauthorized actions become more of a risk. Enforcing this principle in SaaS environments, with their detailed and flexible permissions settings, gets tricky. You have to decide which users need access to which functions, and that often involves balancing a long list of permissions and roles. 

Also, roles and responsibilities shift quickly in today’s fast-paced companies. SaaS tools are often linked with other systems, and those integrations can create hidden access pathways. SaaS platforms are designed for ease of use, and it often takes just a few clicks to give someone access. Instead of configuring a custom role, one of your cloud admins might grant a user full access to speed up a project, but give that user more access than they need in the process.  

Mitigation tip: Regularly audit user roles and permissions with a focus on identifying and removing excessive privileges. 

Non-Human Identity Exploitation

Non-human identities in SaaS environments, like service accounts, API keys and OAuth tokens, are essential for automating processes, but they pose significant risks. Unlike human users, non-human identities often don’t receive the same security scrutiny, such as enforced MFA and password complexity requirements.

Threat actors often target these non-human credentials because they provide seamless access to SaaS environments without triggering many of your conventional security alerts. A compromised API key or OAuth token might allow an attacker to bypass normal authentication processes and gain direct access to sensitive systems and data.  

For example, stealing a service account token with admin privileges could enable a malicious outsider to exfiltrate sensitive data, alter configurations or inject malicious code into your SaaS workflows.  

Mitigation tip: Treat these non-human identities with tougher security scrutiny. Use secure API keys and tokens that you rotate regularly. 

Dormant Accounts

Dormant accounts—user accounts that are no longer in use but haven’t been deactivated—are a big issue in SaaS environments. These accounts often belong to ex-employees or former contractors. Sometimes, they are just test accounts that don’t even have an owner (known as orphaned accounts). The problem is that these accounts usually retain their access privileges, so hacking them can be fruitful.  

A CISA warning from early 2024 highlighted this risk when it revealed how Russian-affiliated APT29 was targeting dormant cloud accounts belonging to former employees of government agencies and departments.  

Mitigation tip: To reduce the risk of breaches from dormant accounts in SaaS platforms, centralize Identity and Access Management (IAM) to automate the deactivation of inactive accounts and ensure proper offboarding. If possible, set up workflows to automatically remove account access after a certain period of inactivity.  
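
The inactivity workflow from this tip and the key-rotation tip in the non-human identity section can be checked together over one identity inventory. The following is an added example, not code from the original post or any product; the thresholds, the `ACTIVE_STAFF` set, the record fields and the sample inventory are constructed assumptions.

```python
# Added example: flag dormant or orphaned accounts and overdue non-human credentials.
from datetime import datetime, timedelta, timezone

INACTIVITY_LIMIT = timedelta(days=90)    # assumption: dormancy threshold
ROTATION_LIMIT = timedelta(days=180)     # assumption: maximum credential age
ACTIVE_STAFF = {"alice", "it-ops"}       # assumption: fed from the HR system

def day(text):
    """Parse a YYYY-MM-DD date as UTC midnight."""
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)

INVENTORY = [  # constructed sample data
    {"id": "alice", "kind": "human", "owner": "alice", "last_used": day("2024-05-28")},
    {"id": "carl", "kind": "human", "owner": "carl", "last_used": day("2023-12-01")},
    {"id": "test-user-7", "kind": "human", "owner": None, "last_used": None},
    {"id": "svc-backup", "kind": "service", "owner": "it-ops",
     "last_used": day("2024-05-31"), "rotated": day("2023-09-01")},
    {"id": "ci-token", "kind": "api_key", "owner": "it-ops",
     "last_used": day("2024-05-30"), "rotated": day("2024-04-15")},
]

def audit(identity, now):
    """Return the reasons this identity needs action (empty list if none)."""
    reasons = []
    owner = identity.get("owner")
    if owner is None:
        reasons.append("orphaned: no owner")
    elif owner not in ACTIVE_STAFF:
        reasons.append("owner offboarded")
    last_used = identity.get("last_used")
    # A never-used account counts as dormant too.
    if last_used is None or now - last_used > INACTIVITY_LIMIT:
        reasons.append("dormant")
    if identity["kind"] != "human":
        rotated = identity.get("rotated")
        if rotated is None or now - rotated > ROTATION_LIMIT:
            reasons.append("rotation overdue")
    return reasons

def run(inventory, now):
    """Map identity id to reasons, only for identities that need action."""
    report = {}
    for identity in inventory:
        reasons = audit(identity, now)
        if reasons:
            report[identity["id"]] = reasons
    return report

if __name__ == "__main__":
    for ident, reasons in run(INVENTORY, day("2024-06-01")).items():
        print(f"{ident}: {', '.join(reasons)}")
```

The report is a candidate list for deactivation or rotation; an actively used credential such as `svc-backup` still appears when its secret is older than the rotation limit.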

Shadow IT and Gen AI Risks

Shadow IT, where employees use unsanctioned SaaS applications without IT approval, has exploded and creates security blind spots. When employees use unsanctioned SaaS apps, breach risks increase because your IT and/or security teams lose visibility and control over how data is shared and accessed or how these apps are secured.

Compounding this risk in recent months is the rapid adoption of generative AI tools, the majority of which are SaaS-based. Sometimes, these tools come as integrations with existing apps that employees might add without IT teams knowing about it.  

Mitigation tip: Implement clear policies that spell out the need for IT approval for any new SaaS tools, including gen AI platforms, to ensure proper data governance and compliance. Use cloud access security brokers (CASB) to help flag unsanctioned SaaS apps.

Keeping Pace with SaaS Complexity 

The rapid growth and increasing complexity of SaaS ecosystems make traditional security measures and manual oversight less effective. AI-powered cybersecurity solutions are crucial for businesses to stay ahead of evolving threats. With its predictive capabilities, automated workflows and ability to reduce human error, AI in cybersecurity helps mitigate SaaS risks across diverse applications. 

Enter Nuspire’s Cybersecurity Experience 

The Nuspire Cybersecurity Experience is designed to intelligently unify and enhance managed security services through the integration of AI-powered tools like Nutron. Nutron, our AI-driven cybersecurity assistant, goes beyond basic automation to deliver real-time, context-aware recommendations, streamline operations and anticipate threats before they manifest. This not only reduces the burden on your internal teams but also ensures that your SaaS security is continually optimized. 

With comprehensive visibility across your entire tech stack through the myNuspire platform and the on-the-go convenience of the Nuspire Mobile App, our solution extends your team’s capabilities and helps you make smarter, faster decisions. By combining human expertise with cutting-edge AI, Nuspire empowers you to secure your digital assets proactively—before breaches occur. 

Ready to fortify your SaaS security with AI-powered intelligence? Contact Nuspire today to learn how the Nuspire Cybersecurity Experience can elevate your cybersecurity strategy.