
DoControl 2024 Outlook: SaaS Application Attacks, Stringent Regulations, and AI Social Engineering

As 2024 approaches, cybersecurity experts Adam Gavish, CEO & Co-founder, and Tim Davis, VP Solutions Consulting, at DoControl share their predictions, highlighting the evolving landscape of SaaS application attacks, regulatory changes, and the battle against AI-driven social engineering threats.



Adam Gavish, CEO and Co-founder, DoControl

New Year, New Flavor: The Evolution of CASB Solutions in the SASE Era


In the new year, CASB solutions provided by SASE will lose their flavor. Today, SASE solutions secure remote connections so that employees can reach corporate applications from any network and any device, which makes the old proxy-mode CASB enforcement irrelevant. More organizations are transitioning to SaaS-only operations than ever before, which makes complex networks harder to secure. In 2024, we will see security teams advancing to API-mode CASBs that understand how SaaS applications work and how SaaS data is modeled, allowing them to enforce and remediate through robust API integrations. Modern API-mode CASBs will be able to:

  • Leverage SaaS webhook events to detect and respond to SaaS threats in near real time, without any agents installed

  • Combine business context from HRIS/IDP integrations to enrich native SaaS activity events and the data inventory with legitimate business context

  • Discover all SaaS data, OAuth apps, users, groups, and inventory to visualize the entire attack surface

This will provide more contextual information to narrow down the scope to deterministic insider threats, enable faster detection and response, and help security teams better visualize their entire attack surface to prioritize top threat models across business units.
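As an added illustration of the webhook-plus-HRIS pattern described above (example code written for this page, not DoControl's product or API), the handler below parses a constructed "file shared" webhook event, enriches the actor with a hypothetical HRIS/IDP directory lookup, scores the exposure deterministically, and maps the result to a remediation action. The directory, domain lists, event format and scoring weights are all assumptions standing in for a real SaaS vendor's webhook schema and a real Workday/Okta-style lookup.

```python
"""Added example: enrich a SaaS webhook event with identity context and decide a response."""
import json
from dataclasses import dataclass, field

# Constructed HRIS/IDP directory (hypothetical data; a real deployment would query the IdP/HRIS API)
DIRECTORY = {
    "alice@example.com": {"department": "Finance", "status": "active"},
    "bob@example.com": {"department": "Engineering", "status": "offboarding"},
}
CORPORATE_DOMAINS = {"example.com"}                      # assumed tenant domains
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed consumer-mail domains


@dataclass
class Finding:
    event_id: str
    actor: str
    severity: str          # "low", "medium" or "high"
    action: str            # remediation the API-mode CASB would take
    reasons: list = field(default_factory=list)


def parse_webhook(payload: str) -> dict:
    """Parse a constructed webhook body and reject events missing required fields."""
    event = json.loads(payload)
    missing = [k for k in ("id", "type", "actor", "target", "recipients") if k not in event]
    if missing:
        raise ValueError(f"malformed webhook event, missing fields: {missing}")
    return event


def enrich(event: dict) -> dict:
    """Attach HRIS/IDP context to the actor; actors absent from the directory are 'unmanaged'."""
    ctx = DIRECTORY.get(event["actor"].lower(), {"department": "unknown", "status": "unmanaged"})
    return {**event, "actor_context": ctx}


def assess(event: dict) -> Finding:
    """Score the exposure from sharing target, recipients and enriched actor context."""
    reasons, score = [], 0
    for recipient in event["recipients"]:
        domain = recipient.rsplit("@", 1)[-1].lower()
        if domain in PERSONAL_DOMAINS:
            reasons.append(f"shared to personal account {recipient}")
            score += 2
        elif domain not in CORPORATE_DOMAINS:
            reasons.append(f"shared to external domain {domain}")
            score += 1
    if event.get("public_link"):
        reasons.append("public link created")
        score += 2
    status = event["actor_context"]["status"]
    if status == "offboarding":
        reasons.append("actor is offboarding per HRIS")
        score += 3
    elif status == "unmanaged":
        reasons.append("actor not found in identity directory")
        score += 2
    if event["target"].get("classification") == "confidential":
        reasons.append("target labelled confidential")
        score += 2
    severity = "high" if score >= 5 else "medium" if score >= 2 else "low"
    action = {"high": "revoke_share", "medium": "notify_owner", "low": "log"}[severity]
    return Finding(event["id"], event["actor"], severity, action, reasons)


def handle_webhook(payload: str) -> Finding:
    """Full pipeline: parse -> enrich with business context -> assess -> remediation decision."""
    return assess(enrich(parse_webhook(payload)))


# Constructed sample events (hypothetical shape of a SaaS 'file.shared' webhook)
EVT_OFFBOARDING = json.dumps({
    "id": "evt-1", "type": "file.shared", "actor": "bob@example.com",
    "target": {"name": "Q4 forecast.xlsx", "classification": "confidential"},
    "recipients": ["bob.personal@gmail.com"],
})
EVT_PARTNER = json.dumps({
    "id": "evt-2", "type": "file.shared", "actor": "alice@example.com",
    "target": {"name": "vendor-brief.pdf", "classification": "internal"},
    "recipients": ["cfo@partner.example"],
})
EVT_PUBLIC = json.dumps({
    "id": "evt-3", "type": "file.shared", "actor": "alice@example.com",
    "target": {"name": "team-notes.docx", "classification": "internal"},
    "recipients": [], "public_link": True,
})

if __name__ == "__main__":
    for payload in (EVT_OFFBOARDING, EVT_PARTNER, EVT_PUBLIC):
        f = handle_webhook(payload)
        print(f.event_id, f.actor, f.severity, f.action, "; ".join(f.reasons))
```

The deterministic part is the HRIS status: the same share by an active employee scores low, while the offboarding employee sharing a confidential file to a consumer mailbox triggers automatic revocation, which is the kind of context a content-only DLP rule cannot see.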

The Next Big Attack Surface in 2024: SaaS Applications


As many businesses shift to remote or hybrid work post-pandemic, a significant number of SaaS applications have been installed for work use. In 2024, SaaS applications will present the next big attack surface that organizations have not yet addressed. Businesses increasingly rely on cloud-based solutions for critical operations, which expands the attack surface and broadens the canvas for cybercriminals to exploit vulnerabilities. Moreover, the rise in popularity of generative AI will make social engineering attacks aimed at SaaS identity account takeovers easier. Security teams will need to assess all the applications employees have installed, determine which are necessary for business operations, and understand the attack surface each presents. In the new year, organizations will need to “clean up” their SaaS security posture and remove all unnecessary applications that hold extensive permissions. Security teams will need to develop a comprehensive SaaS security program that monitors application installations and manages security controls so they can avoid a major SaaS data breach in the year to come.

The Future of Protection


With the SEC's adoption of new rules on cybersecurity disclosure for public companies, similar to CISA SCUBA, the regulatory landscape is likely to evolve and become more stringent with regard to data privacy and cybersecurity. Organizations will be expected to provide more detailed and accurate information about their cybersecurity practices and incidents, which will prove difficult if they continue to depend on legacy CASB/SaaS security tools. These aging tools do not provide the necessary levels of granular control, business context, or automation. It will be critical for organizations to invest in their cybersecurity practices and to recognize the importance of safeguarding sensitive information while meeting the regulatory expectations placed on them and their peers. All of this is to say that organizations that proactively invest in robust cybersecurity practices and adapt to the evolving regulatory landscape are likely to be better positioned to protect their data and maintain trust with stakeholders.

The Real Battle: AI Social Engineering vs. SaaS


As we’ve watched the AI boom unfold, we’ve witnessed the peaks and valleys of its evolution. AI’s usefulness to organizations worldwide seems to be endless. However, the combination of AI's adaptive algorithms and expansive data processing capabilities has also been put to malicious use by attackers. The number of AI-powered social engineering attacks will likely grow exponentially in 2024, with SaaS applications and SaaS identity accounts as the main victims. Organizations will need to respond by establishing strong SaaS data exposure hygiene, which creates a crucial line of defense.

Key aspects of SaaS data exposure hygiene include:

  • Access control management

  • Encryption protocols

  • Regular auditing and automated monitoring

  • Data Loss Prevention (DLP)

  • Creating a well-defined incident response plan

Even if attackers manage to breach one layer of security, they will encounter additional obstacles when trying to access valuable data. Organizations will have the time and resources to defend themselves before it’s too late. This added layer of protection is vital for safeguarding sensitive information against constantly evolving and sophisticated threats.

The SaaS Supply Chain Revolution


In the coming year, supply chain security is poised to advance significantly. Security teams will mandate the implementation of robust SaaS security programs, specifically focusing on the governance of the SaaS OAuth supply chain through standardized procedures. This entails establishing a structured process in which OAuth app reviews are seamlessly integrated with end-user operations. To properly enforce supply chain security, organizations must implement robust SaaS security programs encompassing access controls, encryption, and regular audits. Additionally, the standardization of OAuth app reviews will be crucial and will involve meticulous scrutiny of application permissions, authentication mechanisms, and security parameters against predefined standards. Automation tools can streamline these reviews, ensuring efficiency and consistency while reducing the risk of human error. By integrating these technical measures, organizations can proactively enhance the security of their supply chains, safeguarding critical processes and data against cyberattacks. This approach fosters a more resilient and secure operational environment in the face of evolving cyber threats.
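To show what an automated OAuth app review against predefined standards can look like, here is an added example (written for this page, not DoControl's tooling) that scores a third-party app's requested scopes, grant type and publisher status and returns approve/review/deny with a least-privilege substitute for each scope. The scope URLs are real Google Workspace OAuth scopes used only as illustrations; the risk tiers, substitutes and decision rules are this example's own hypothetical policy, and the `OAuthApp` record is an assumed shape for what an app inventory would hand to the reviewer.

```python
"""Added example: automated OAuth app review against a predefined scope policy."""
from dataclasses import dataclass

# Hypothetical review policy. Scope URLs are real Google Workspace scopes used as examples;
# the tiers and the preferred least-privilege substitutes are assumptions for this example.
SCOPE_POLICY = {
    "https://www.googleapis.com/auth/userinfo.email": {"tier": "low"},
    "https://www.googleapis.com/auth/drive.file": {"tier": "low"},
    "https://www.googleapis.com/auth/drive": {
        "tier": "high", "prefer": "https://www.googleapis.com/auth/drive.file"},
    "https://www.googleapis.com/auth/gmail.readonly": {"tier": "high"},
    "https://www.googleapis.com/auth/admin.directory.user": {
        "tier": "critical", "prefer": "https://www.googleapis.com/auth/admin.directory.user.readonly"},
}
TIER_RANK = {"low": 0, "unknown": 1, "high": 2, "critical": 3}


@dataclass
class OAuthApp:
    name: str
    publisher_verified: bool
    grant_type: str          # "authorization_code" or "implicit" (assumed inventory field)
    scopes: list


@dataclass
class ReviewResult:
    decision: str            # "approve", "review" or "deny"
    reasons: list
    suggested_scopes: list   # least-privilege scope set to negotiate with the app owner


def review_app(app: OAuthApp) -> ReviewResult:
    """Apply the scope policy plus grant-type and publisher checks to one app."""
    reasons, suggested = [], []
    worst = "low"
    for scope in app.scopes:
        entry = SCOPE_POLICY.get(scope)
        tier = entry["tier"] if entry else "unknown"
        if TIER_RANK[tier] > TIER_RANK[worst]:
            worst = tier
        if tier == "unknown":
            reasons.append(f"scope not in policy: {scope}")
        elif tier in ("high", "critical"):
            reasons.append(f"{tier}-risk scope requested: {scope}")
        substitute = entry.get("prefer") if entry else None
        suggested.append(substitute or scope)

    # Authentication mechanism check: the implicit grant is discouraged by the OAuth 2.0
    # Security Best Current Practice; expect authorization code (with PKCE) instead.
    if app.grant_type == "implicit":
        reasons.append("implicit grant requested; require authorization code with PKCE")
    if not app.publisher_verified:
        reasons.append("publisher is not verified")

    if worst == "critical":
        decision = "deny"
    elif worst in ("high", "unknown") and not app.publisher_verified:
        decision = "deny"
    elif worst in ("high", "unknown") or app.grant_type == "implicit":
        decision = "review"
    elif not app.publisher_verified:
        decision = "review"
    else:
        decision = "approve"
    return ReviewResult(decision, reasons, suggested)


# Constructed sample inventory entries (hypothetical apps)
SAMPLE_APPS = [
    OAuthApp("Meeting Notes", True, "authorization_code",
             ["https://www.googleapis.com/auth/userinfo.email",
              "https://www.googleapis.com/auth/drive.file"]),
    OAuthApp("Drive Sync Helper", False, "authorization_code",
             ["https://www.googleapis.com/auth/drive"]),
    OAuthApp("HR Export", True, "authorization_code",
             ["https://www.googleapis.com/auth/admin.directory.user"]),
]

if __name__ == "__main__":
    for app in SAMPLE_APPS:
        result = review_app(app)
        print(app.name, result.decision, result.reasons, result.suggested_scopes)
```

The suggested scope list is the useful output for the review workflow: instead of a bare rejection, the app owner is told which narrower scope (for example `drive.file` in place of full `drive`) would pass, which is what makes standardized reviews workable alongside end-user operations.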

Tim Davis, VP Solutions Consulting, DoControl


Emerging SaaS Application Cybersecurity Threats


In 2024, more than ever before, we can expect to see a spike in organizations that are SaaS-first or SaaS-only. The emergence of artificial intelligence (AI) will mean even more SaaS platforms are created and used in 2024, all with an eye toward solving a productivity or business problem rather than keeping the data within these apps secure. That leaves the door, and the keys to the kingdom, wide open for malicious actors to take advantage of.

The Rise in Decoupling SaaS Security from Endpoint and User-based Solutions


The emerging trend in SaaS security that we can expect to see in 2024 is the rise of organizations looking to decouple SaaS security from endpoint- and user-based solutions such as Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA). This will follow the pattern we saw with IaaS security platforms, i.e. Cloud Native Application Protection Platforms (CNAPP) decoupling from Security Service Edge (SSE).

As productivity is key to SaaS adoption, we can expect to see proxy-first approaches slow down user traffic because of inline Secure Sockets Layer (SSL) inspection and Data Loss Prevention (DLP) scanning. SaaS security must be user-enabling and enhance productivity, not hinder it. For SaaS security, context matters. Legacy solutions look only at the contents of files (DLP) to determine the risk of data access or movement. In the new year we can expect to see both security context (identity, endpoint, etc.) and business context (partnerships, contractors/consultants, third and fourth parties, etc.) factored into SaaS security policy creation and enforcement.
