Galit Lubetzky Sharon, Wing Security Co-Founder & CEO, has received numerous accolades including the prestigious Israeli Defense Award. Read Galit Lubetzky's full executive profile here.
Reflecting on the more than 500 companies we serve and several recent meetings with IT and security teams, I am surprised that so many organizations are ill-prepared to counter the growing threat of cybersecurity attacks and breaches.
Many innovative organizations are relying heavily on software as a service applications as part of their core business functions, yet many of them have little understanding of the SaaS risks they may be introducing.used at least one SaaS application that had a security incident in the past year. We also found that 8,500 applications already have embedded generative AI capabilities, and many of these AI-powered applications are able to train their models on user data. My concern is that the slow adoption of SaaS security and impending regulatory changes could catch these organizations off guard because SaaS operates at a different pace than traditional software. The need for speed will become especially apparent as time-sensitive cyber defense requirements take hold. Given how fast supply chain attacks can move laterally, in the financial sector, for example, regulations such as NY-DFS in the U.S. and DORA in the EU now require chief information security officers to be accountable for reporting security events in their SaaS supply chains quickly .• SaaS Invisibility:in the average organization are being used exclusively by a single employee, often unsanctioned and unsupervised. This trend is driven by the convenient consumerization of SaaS services. An equally serious issue is the often unnoticed tendency of employees to unthinkingly accept the terms and conditions of different SaaS providers without considering, or even knowing, the risks involved. This careless action could inadvertently allow thousands of SaaS apps to access and train on a company’s sensitive, non-public information and data.While securing SaaS configurations is essential, the responsibility for cyber protection often lies with the SaaS provider and employees' usage of the SaaS apps. Initial hardening of these app configurations is necessary, but not sufficient. This practice adds heavy vigilance requirements to already overloaded security teams that must quickly identify and address incidents to minimize potential damage and adhere to regulations. These teams also must guarantee that their SaaS applications meet essential security and compliance standards, maintain comprehensive records of cyber breaches and uphold security best practices.Manual processes to monitor and protect SaaS will be quickly outpaced, leaving the organization open to risk of breach and non-compliance. To ensure a 72-hour turnaround for notifications, security must be simple, efficient and not heavily reliant on human processes.Periodic checks of the SaaS supply chain implied in financial regulations are critical, but not sufficient. The temptation for employees to experiment with new technologies and services has never been higher, and the organization's supply chain changes rapidly. Triggering risk management processes as soon as a new service is introduced is critical. Expecting security teams to manually manage these actions is unrealistic.SaaS applications, necessitating a security approach that can easily accommodate quick decision-making within each business unit. Security, legal and procurement teams don't have the resources to thoroughly investigate each service. Teams will need automated, quick insights into SaaS usage, compliance and AI capabilities to significantly reduce their time and cost impacts on the business.The interconnected nature of SaaS offerings means that a vulnerability in one application can affect the entire supply chain. Organizations have hundreds of SaaS applications in use. Incidents like theRegulations now mandate CISOs to report incidents within their supply chains in time frames measured in hours. The ability to communicate with security researchers or receive alerts from experts who will contact the organization’s teams in case of an emergency is incredibly valuable.Skilled and available cybersecurity practitioners are scarce resources in most organizations. Most rely on security solutions and partners, making choices based on what resources are required for implementation. The ideal cybersecurity solutions are easily deployed in the organization, do not require installation on endpoints and use automation to share risk and work between employees, business units and security teams. Once again, the speed factor must be heavily weighted.To satisfy the need for speed, CISOs must prioritize efficiency in SaaS security posture management to ensure comprehensive and efficient SaaS security best practices that discover and manage the entire organization’s SaaS supply chain. These best practices must reduce the attack surface by eliminating unused tokens, unnecessary apps and inactive users. They must also promptly detect and respond to leaked credentials, breaches and security events experienced by SaaS providers. Criteria to meet speed requirements should include near real-time identification of shadow IT and shadow AI, security changes and security event detection and real-time guidance from an incident response team with personalized support until containment is achieved.The pace of SaaS security has accelerated tremendously in recent years. Simplified security solutions with automation can help to increase efficiency in complying with regulations and securing SaaS supply chains. Time-sensitive cybersecurity regulations are being adopted by more organizations across more regions, and the growing reliance on SaaS across functions is driving this need for speed.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Rep. Gimenez sounds alarm over ‘national security concern’ after TSA ‘security breach’Political News and Conservative Analysis About Congress, the President, and the Federal Government
Read more »
Senate Homeland Security committee to investigate Trump assassination attempt and security failureThe Senate committee on Homeland Security and Governmental Affairs is launching an investigation, which will include hearings, into the assassination attempt on Trump and how it took place.
Read more »
Former Secret Service agent discusses security measures, calls Trump rally security 'a failure'From his home in Atlanta, Steen spoke to 10TV Reporter Kevin Landers about Saturday’s attempted assassination of the former president.
Read more »
Trump rally shooting a security ‘failure,’ Homeland Security chief saysThe Secret Service director and other officials face pressure to explain if mistakes in planning may have allowed Thomas Matthew Crooks to open fire.
Read more »
Trump rally shooting a security ‘failure,’ Homeland Security chief saysThe Secret Service director and other officials face pressure to explain if mistakes in planning may have allowed Thomas Matthew Crooks to open fire.
Read more »
Homeland Security inspector general investigates Secret Service handling of security at Trump rallyWASHINGTON (AP) — The Department of Homeland Security’s inspector general says its investigating the U.S. Secret Service’s handling of security for former
Read more »