Recently, supply chain attacks leveraging the interconnectivity of SaaS applications have become increasingly lucrative for cyber criminals. As the 2022 IBM Cost of a Data Breach report points out, one in five data breaches this year was caused by a supply chain compromise. Judging by the high-profile attacks of early 2022, including the GitHub OAuth attack campaign and Okta (LAPSUS$) breach, this trend is likely to accelerate, making these compromises more frequent and expensive.
According to the IBM report, the average cost of a supply chain breach was $4.46M, higher than the global average cost of a data breach. The continuing rapid adoption of SaaS applications by more and more business application owners, often without security review, will make this attack vector increasingly pervasive and disastrous. Ownership of applications, integrations, identities and privileges will become primarily distributed across business units, and therefore harder for security teams to monitor and manage.
The report also notes that the average time to remediate a supply chain compromise was 303 days this year – 26 days longer than an average data breach. This remarkable lag time has clear ramifications for the overall rise in the cost of goods and services, resulting in an overwhelming ripple effect.
The growing number of external points of access into organizations and the alarming lack of adequate security controls to govern third-party access are clear contributing factors to the stark rise of this attack vector and the difficulty in achieving adequate remediation. A lack of visibility into shadow SaaS applications and the interconnected mesh of third-party integrations makes it difficult to catch breaches as they occur, stop attacks in real-time, or undertake post-event remediation. In Valence Security’s recent 2022 Shadow SaaS-to-SaaS Integration Report, our research shows that the average organization has 917 SaaS-to-SaaS third-party integrations – 4-5 times the amount estimated by CISOs who responded to our survey. As a senior enterprise CISO notes in Valence’s report, “[With] our workforce changes (on and off boardings), contractors, and cloud environment changes it is difficult to keep up with SaaS connections.”
Placing trust in a vendor’s own security controls is clearly not a sound security solution for enterprises, as third-party risk management processes lack context, continuity and visibility into the scope of a third-party integration’s access to the organization’s core SaaS applications such as Microsoft 365, Google Workspace, Slack and Salesforce. These integrations are drivers of business productivity, efficiency and velocity, but with 19% of data breaches stemming from supply chain attacks, security teams must balance these benefits with appropriate security mechanisms to govern them.
Valence helps organizations dramatically reduce time to remediation by mapping, monitoring and mitigating these growing threats with a comprehensive security solution that leverages automated risk contextualization and remediation, without disrupting business processes. Remediation workflows scale by engaging business users and educating them about their SaaS security risks, which positions your security team as a business enablement champion rather than an impediment to adopting SaaS applications at scale.
Constant enforcement of security policies across the organizational SaaS stack ensures that any new risks, topology changes and anomalies are immediately addressed and remediated. Such full-scale risk reduction can significantly reduce the cost of supply chain breaches, mitigating them before they occur and eliminating the need for legacy point solutions throughout the remediation process.