SaaS misconfigurations are putting businesses at serious risk

News
By published

SaaS issues rank among top three biggest challenges for businesses

security threat
(Image credit: Shutterstock.com)

Misconfigured software-as-a-service (SaaS) solutions are putting companies at enormous risk of data breaches and loss of business, new research suggests.

According to a new report from SaaS security posture management company Adaptive Shield, most CISOs (85%) see SaaS misconfiguration as a significant threat.

The key issue seems to be the number of tools in circulation. CISOs say they have too many SaaS tools that need to be checked regularly, with just 12% of companies with 50-99 applications able to check their security settings at least once a week. The larger the app count, the less frequent the checks. 

To try and solve the problem, most CISOs (52%) delegate the responsibility to the SaaS owner, who often “has less knowledge and security training”, putting the business at risk.

According to Maor Bin, Adaptive Shield CEO, the findings “present a clear view of an urgent need to secure the SaaS landscape”.

Ransomware on the cards

The findings support additional data published earlier this month by cloud security company Lightspin, which found that many businesses fail to properly configure their cloud instances, in part due to confusing information from vendors.

Analyzing 40,000 AWS buckets and their cloud storage permissions, the company found that almost half (46 percent) of AWS S3 buckets may be misconfigured and should be deemed insecure.

Misconfigured buckets can result in various cybersecurity incidents, including data theft and malware infection, for organizations of all sizes, from SMBs to enterprises.

SMBs that fail to properly configure their SaaS products and cloud instances risk being infected by ransomware and having their systems locked down. Ransomware often results in downtime that lasts for days and prevents businesses from operating normally until the systems are restored. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Representational image of a hacker
The 10 worst software disasters of 2024: cyberattacks, malicious AI, and silent threats
API
Businesses are being plagued by API security risks - with nearly 99% affected
Thousands of misconfigured building access systems have been leaked online
Data Breach
Thousands of widely-used public workspaces are leaking data
Abstract image of cyber security in action.
Network complexity: a hidden tax on business
Closing the cybersecurity skills gap
How CISOs can meet the demands of new privacy regulations
Latest in Pro
ai distillation
5 myths about agentic AI and why your company should embrace the tech
Representational image of a shrouded hacker.
Adapting the UK’s cyber ecosystem
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
Context Windows
Why are AI context windows important?
BERT
What is BERT, and why should we care?
Latest in News
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
More about pro
Carbonite

This World Backup Day secure your valuable data with Carbonite
ai distillation

5 myths about agentic AI and why your company should embrace the tech
Google Pixel Watch 3 side dial and button

Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
See more latest
Most Popular
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
XGIMI Portable Outdoor Screen
This cheap new outdoor projector screen looks like a smart companion for portable projectors – get 70 inches of entertainment anywhere
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise