The other big report comes from SaaS Alerts, which released its 4th Annual SaaS Application Security Insights (SASI) Report. The report, covering the SaaS application security records of more than 18,000 SMBs, reveals continued low adoption of MFA. Of those records, only 35% enabled MFA, a slight 3% increase over the findings in the 2023 SASI Report.
Microsoft 365 and Google Workspace were the dataset’s most widely used SaaS applications, so they naturally were the most active sources of critical alerts last year. However, only about 1% of alerts from M365 and Google required immediate attention. Meanwhile, Slack was more problematic, with 12% of related alerts identified as critical. That was an almost nine-point jump from Slack’s critical alerts ratio of 3.77% last year. The report also revealed a 75% increase in guest user accounts. Guest user accounts are created on the fly when sharing documents externally and are often left dormant and unmonitored.
SaaS Alerts also announced a partnership with FifthWall Solutions to offer its new Beltex cyber insurance solution to MSPs and their customers.
Why do we care?
Businesses and MSPs must intensify efforts to implement MFA across all user accounts, particularly for critical SaaS applications like Microsoft 365 and Google Workspace. Education and awareness campaigns can help overcome resistance to MFA adoption, emphasizing its role in protecting against data breaches and cyber threats. Insurance won’t cover you if you don’t have MFA.
Businesses should implement policies and procedures to regularly review and manage guest user accounts, including disabling no longer needed accounts. Automated tools can help track guest account creation and activity, ensuring these accounts do not become a security liability. This should be standard practice.
I’m not encouraged by this news.
