
Enhancing SaaS Security: Safeguard your Cloud Data


As the popularity of Software-as-a-Service grows, so does the number of attacks made on it by cybercriminals. Businesses – and resellers – need to be dynamic to ensure that systems remain as secure as possible. Software-as-a-Service (SaaS) has grown hugely in recent years as businesses take advantage of the benefits of moving increasing amounts of work and data to the cloud.

But with this move come risks. The number of cyberthreats continues to grow at an alarming rate, and there is now widespread acknowledgement that it isn’t a case of if a business will be attacked, but when, and SaaS is no exception.

Glenn Chisholm, co-founder and CPO of Obsidian Security, says that as more business-critical information migrates to SaaS applications, they have become the primary target for attackers. “We are seeing a record number of attacks in this space. In just the past year, SaaS breaches have spiked by an alarming 300%, impacting major organisations like Microsoft and Okta,” he says. 

“However, the growing adoption of SaaS has expanded the attack surface, with each new application introducing new potential vulnerabilities through misconfigurations, overprivileged access, and identity compromise.”

One of the most popular tactics is spear phishing. “About one in three SaaS breaches result from these attacks,” Glenn says. “Because adversaries now have access to AI tools and phishing-as-a-service kits to improve their tactics, we’ve seen these sophisticated identity-based attacks routinely bypass traditional security measures like multi-factor authentication (MFA) or email security gateways (ESG).  

“A rules-based approach to detecting and responding to these threats will only produce a lot of noise and quickly become outdated. Building models based on actual threat actors and methodologies is the best strategy to stay ahead of these attacks.”

Ian Cairns, director at TalkTalk Business, says that while SaaS enhances flexibility and productivity “it can also expose businesses to greater risk, due to potential data breaches, poor access controls and compliance issues. It’s important to follow best practices or get expert advice to mitigate any risks. 

“Cybercriminals are becoming more sophisticated, often operating as organised networks, which makes it difficult for businesses to stay ahead. In fact, 41% of IT leaders say securing cloud applications and devices is their biggest challenge.

“To combat these evolving threats, businesses must partner with security specialists who are on the forefront of threat detection and prevention. Staying ahead of criminals is challenging but adopting a proactive approach and constantly updating security measures gives businesses a much better chance of defending against attacks.”

VimalRaj Sampathkumar, technical head – UK and Ireland at ManageEngine, adds that businesses store sensitive information on SaaS platforms such as Microsoft 365, Dropbox, SharePoint Online, and more. “But many IT teams often lack understanding of the different cloud providers’ offerings, which means sensitive data can be under threat and vulnerable to cyberattacks,” he says. “In addition, when data is stored across multiple platforms, this can also lead to increased instances of cyberattacks that leverage cloud security loopholes such as misconfigurations and insecure APIs.”

Akhil Mittal, senior security consulting manager at Black Duck, says that SaaS platforms are prime targets for attackers as they centralise data from multiple customers in one place. “One breach can ripple across hundreds of organisations due to multi-tenant setups, APIs, and third-party integrations,” he says. “Each connection is a potential entry point. A common misconception is that SaaS providers handle all security. In reality, under the shared responsibility model, organisations still need to manage access controls and monitor account activity, which is often an overlooked area. Third-party integrations and APIs add even more risk. With so much valuable data concentrated in SaaS, attackers see an opportunity to ‘hack once, breach many,’ making proactive, layered security essential.”

Security strategies

There are various strategies available to help keep SaaS secure, and resellers can play a vital role. For instance, as Akhil notes, effective SaaS security relies on visibility and control. “Adaptive Identity and Access Management (IAM) is essential, assessing each login based on factors like location or device, while behavior-based monitoring helps teams quickly spot and respond to unusual activity,” he says. 

“Zero trust principles add another layer by limiting lateral movement if the breach does occur. For data protection, Data Loss Prevention (DLP) and customer-managed encryption keys help organisations keep control of their data, even within a SaaS provider’s environment.”

Adam Brown, managing security consultant at Black Duck, notes that AI/ML for defensive analysis and automation can help secure SaaS. “However, that same technology is in use by attackers to craft new and automated – therefore scalable – attack methods,” he says. “Keeping ahead of attackers’ evolving tactics requires constant vigilance – be on point with your logging and monitoring as well as threat intelligence – keeping technology updated, and ensuring all staff and contributors are trained and aware of risks.”

Glenn notes that SaaS security is a shared responsibility. “But SaaS security is also uniquely complex, making it incredibly challenging for security teams to manage at scale,” he says. “A single organisation may rely on hundreds of SaaS applications, each with distinct activity logs, configurations, permission models and numerous integrations. Compounding this complexity are shadow SaaS applications unknown to security teams.

“To prevent SaaS breaches, organisations must address the entire SaaS security lifecycle, encompassing application posture and identity security. Posture management reduces exposure by minimising risks like over-privileged users or configuration drift. Identity security protects identities across the kill chain, reducing spear phishing risks, blocking token compromises, and enabling rapid detection and response before any data is exfiltrated. Effective SaaS security requires detailed context about users, applications, and data for fast and complete mitigation.”

Sophie Sayer, sales director at IT Governance Ltd, says that staying ahead of cybercriminals requires significant investment, ongoing vigilance and adaptability. “As attack methods become more sophisticated and skilled cyber security professionals remain in short supply, protecting business systems becomes increasingly difficult,” she says. “At a minimum, organisations should have a Cyber Incident Response Plan in place to enable a rapid response and recovery when a breach occurs. Such a plan is essential, as breaches are no longer a matter of ‘if’ but ‘when’.

“While the challenge is persistent, the right strategies and tools empower organisations to manage and mitigate many of these risks effectively, helping to safeguard their operations and maintain resilience against evolving cyberthreats.”

Chris McKie, VP, product marketing for security and networking solutions at Kaseya, says that the best solutions for defending SaaS platforms revolve around detection and response tools, such as managed detection and response (MDR) offerings. “Cloud-specific monitoring tools that detect unusual behaviors and suspicious login attempts, and lastly Secure Access Service Edge solutions that enforce user-specific zero trust access to cloud apps and platforms,” he says.

“Cybersecurity tools, such as firewalls, antivirus and even endpoint detection and response (EDR) solutions, have been around for a long time, but because SaaS platforms are new, there are fewer options available to effectively defend SaaS apps and platforms. In response, the industry has developed improved ways of monitoring SaaS platforms, as well as innovative ways of enforcing user access. This helps reduce cyber risks associated with SaaS adoption, but cybercriminals are well ahead of the curve when it comes to infiltrating SaaS apps and platforms. For the foreseeable future, the advantage will skew in favor of cybercriminals until more SaaS defense measures are adopted globally.”

Trends

There are several distinct trends in the market currently in the ongoing battle to keep ahead of cybercriminals. “SaaS security is moving toward continuous, automated checks that adapt as new threats emerge,” says Akhil. “Tools like SaaS Security Posture Management (SSPM) are becoming essential, continuously monitoring for common vulnerabilities like misconfigurations. Meanwhile, attackers are using AI and layered attacks to exploit weak spots in APIs and authentication. Staying ahead requires predictive, real-time monitoring that can detect and address risks before they escalate.”

Vimalraj says that there is an upward trend in security spending, “which underlines a growing recognition of high-profile attacks and sophisticated cyber fraud tactics. It’s likely that businesses will devote more funds to the adoption of cutting-edge security technology, like cloud security solutions and AI-driven threat detection, as new threats emerge. In SaaS, these robust cybersecurity measures can help mitigate risks and safeguard sensitive information.”

Pieter VanIperen, CISO at Own Company, adds that there is an increasing focus on advanced threat detection, zero trust architecture and AI-driven solutions to keep up with sophisticated cyberthreats. “As cybercriminals employ increasingly advanced tactics, it’s challenging for businesses to stay ahead, particularly as the attack surface grows with more SaaS integrations,” he says. “Tools like SSPM, automated attack surface scanning, IAM, and zero trust are now essential. Despite these advancements, keeping ahead of attackers remains challenging due to their adaptive methods, prompting a high demand for continuous monitoring, drift detection and correction, and proactive threat intelligence.”

Security CMS

When it comes to SaaS such as a CMS, there are many steps businesses can follow to prevent attacks, says Sebastian Gierlinger, VP of Engineering at Storyblok. “This includes making sure that the CMS platform’s access control and encryption features are turned on and configured correctly,” he says. “This is not only true for CMS systems but for almost all internet-connected services.

“Provide employees and content contributors with only as much ability to access or change the content as they require. In most organisations, very few people need the ability to add, delete, or change content, or to modify other users’ access privileges. When employees leave, turn off their CMS access immediately and have procedures in place to handle offboarding properly. Design the system so that the servers containing the content cannot be accessed except via the CMS platforms, to separate assets and limit the damage that can be caused.”

Reseller conversations

When talking about security for SaaS solutions, there are various things that resellers should be highlighting to customers. “It’s important that resellers are aware of their producer’s security initiatives. We are now at a point where security sells,” says Adam. “Buyers will actively pursue evidence of security measures and even mandate it. Certainly, with the advent of DORA and other acts, we will see financial entities demand evidence of their security initiatives, activities and assessments.”

Vimalraj agrees that resellers need to have in-depth discussions with customers to build understanding and trust. “This includes assessing each client’s unique security risks and industry-specific vulnerabilities, clarifying the importance of regulatory compliance with standards like GDPR and CCPA, and helping them navigate complex choices among tools like CASBs, secure APIs and real-time monitoring solutions,” he says. “It’s crucial to highlight proactive, future-proof security measures such as zero trust architecture and AI-driven threat detection to help clients prepare for evolving threats like ransomware and AI-based attacks. 

“Additionally, resellers should emphasise the role of employee training in reducing human error, often a significant security risk, to ensure customers can fully leverage the tools and meet compliance requirements.”

Akhil adds that resellers should go beyond simply selling solutions by helping customers build a comprehensive SaaS security strategy. “This starts with explaining the shared responsibility model so that clients understand the importance of internal practices – SaaS providers can’t handle everything,” he says. “Resellers should also guide customers on resilience planning, including incident response and data backup strategies, to ensure operations can continue if a breach occurs. Resellers should also address the issue of ‘shadow IT’ – unauthorised apps that bypass security measures – and recommend tools to detect and secure these apps.”

Resellers should also discuss the importance of zero trust principles, MFA and drift detection as essential layers of protection, adds Pieter. “They should also address the value of continuous monitoring, threat intelligence, and incident response capabilities to quickly identify and mitigate threats,” he says. “Additionally, it’s crucial for resellers to outline how regular updates, training, and best practices in user behaviour can strengthen the overall security posture, ensuring customers are well-equipped to handle evolving cyber risks.”

Ian notes that resellers should emphasise the need for proactive security measures, as threats can come from multiple angles. “Advising customers to implement solutions that enable real-time threat detection and response is crucial,” he says. “Businesses must ensure that their networks remain secure as new threats emerge, such as updated and more sophisticated malware.”

But MSPs and resellers need to talk about risk more and cybersecurity less, according to Chris. “Clearly, there are advantages to moving workloads to the cloud – mostly because of efficiency gains and cost reductions. What needs to be discussed is what are the risks associated with moving workloads to the cloud, and how they can be minimised,” he says. 

“By communicating what’s at risk – data theft, account takeover, ransomware attacks, hosting DDoS and advanced persistent threats – then business decision makers can weigh the costs of implementing MDR and SASE security solutions versus the costs of not protecting their SaaS platforms, or keeping certain, more sensitive workloads on-premise, rather than the cloud.”

Education is key

Randall Degges, head of developer relations and community at Snyk, adds that resellers should look to be educators and supporters. “Assisting organisations in getting the most out of their development and security platforms, as well as helping them interrogate the SaaS vendors they use,” he says. “Their own DevSecOps are critical to avoid becoming part of the problem. CVEs spread through the software supply chain have a mass effect across many organisations. Strong DevSecOps delivering secure products is the foundation for the whole SaaS ecosystem.”

Sebastian agrees that education is key. “Vendors, MSPs and channel partners need to get on the same page when it comes to understanding the current and evolving cybersecurity threats. This should go beyond the traditional ‘training’ of how to use a particular tech stack but giving partners and customers the whole picture of the cybersecurity landscape. This could include tutorials on how to spot weak links in your system, how to spot potential threats or masterclasses on new and evolving cyber threats. The times are changing and the IT channel has to get on board, otherwise, it risks not only cyberattacks, but also monetary and reputational damage.”

Future

Akhil says that SaaS security is moving toward self-healing systems that use machine learning to detect and respond to threats automatically, reducing the need for human intervention. “Stricter regulations are also driving stronger compliance, pushing providers and customers to strengthen their defenses,” he says. “We will see a focus on proactive measures with real-time monitoring and built-in resilience.”

Glen Williams, CEO of Cyberfort, adds that customer demand will influence how the market develops. “Increasing numbers of customers rate security as a significant reason why they choose a SaaS solution, and the days of uncontrolled SaaS driven entirely by the line of business appear to be fading,” he says. “The future will consist of increased due diligence and automatic evidencing as part of the sales process, further integrations with identity and security monitoring solutions and better ‘out of the box’ security configurations. As more enterprises either expand security team remits to cover SaaS or create new teams for application security, these requirements will continue to develop as ‘table stakes’ for SaaS providers.”

Pieter says that eventually, AI and automation will help defenders identify and respond to cyber threats quickly. “By analysing patterns and behaviours, AI-driven systems can detect anomalies, flag potential attacks, and even initiate automated responses to contain breaches,” he says. 

“For now, there are things everyone can do better to help when they are attacked. These include detecting anomalies in your operations which require understanding your baselines, having a better understanding of your data, and the history of that data. This is important because AI will make maintaining integrity and availability more challenging. Everyone needs to be more honest about what their systems can do, and every business has a responsibility to make sure their data is not tampered with and can be trusted.”

Ian adds that there will need to be continuous adaptation to new threats. “As businesses adopt hybrid cloud models, security solutions must evolve to protect networks across diverse environments,” he says. “The complexity of networks in a hybrid cloud approach increases the risk of weak spots, creating new opportunities for cybercriminals. Data flow between public and private clouds can create vulnerabilities, giving attackers access to sensitive data.

“Businesses must stay proactive, ensuring their security evolves with technology to safeguard their SaaS infrastructure and protect against future threats.”
