Galit Lubetzky Sharon, the Co-Founder and CEO of Wing Security, has been recognized with several awards, including the Israeli Defense Award. In a recent reflection on the state of cybersecurity preparedness among organizations, she noted a concerning lack of readiness to combat the increasing threat of cyber attacks and breaches. Many companies are heavily reliant on software as a service (SaaS) applications for their core functions, yet they have little understanding of the risks these applications may pose.
Research conducted by Wing Security found that 96.7% of organizations had experienced a security incident with at least one SaaS application in the past year. Additionally, there are 8,500 applications with embedded generative AI (GenAI) capabilities, which can train their models on user data. The slow adoption of SaaS security measures, coupled with upcoming regulatory changes, could leave organizations vulnerable to cyber threats due to the different pace at which SaaS operates compared to traditional software.
Supply chain attacks can spread rapidly, requiring chief information security officers (CISOs) in sectors like finance to report security events within tight time frames as mandated by regulations such as NY-DFS in the U.S. and DORA in the EU. Wing Security identified two key risks in SaaS adoption: SaaS invisibility, where unauthorized use of applications is widespread, and SaaS security responsibility, which often falls on both the provider and end-users. Manual security processes for SaaS are insufficient to keep up with the speed of cyber defense requirements.
In order to meet the speed requirements of SaaS security, organizations must prioritize efficiency in SaaS security posture management (SSPM). This includes reducing the attack surface, promptly detecting and responding to security events, and implementing automated solutions that do not rely heavily on manual processes. The need for speed in SaaS security is driven by the rapidly evolving SaaS supply chain and the interconnected nature of applications, where a vulnerability in one can affect the entire chain.
Best practices for SaaS security must include real-time identification of shadow IT and AI, quick response to security events, and guidance from an incident response team until containment is achieved. Security teams must adapt to the fast-paced nature of SaaS security, leveraging automation and simplified solutions to comply with regulations and secure SaaS supply chains effectively. As time-sensitive cybersecurity regulations become more prevalent, organizations must prioritize speed in their approach to SaaS security to mitigate risks and ensure compliance.
