HYCU report suggests many SaaS apps are open windows for malware attacks

Malware detection
Malware detection

SaaS application users don’t realize how many SaaS apps they use, how vulnerable they are to malware attacks and the damage such attacks can cause. 

This is revealed in a HYCU survey and report, “The State of SaaS Resilience in 2024,” which is based on a collaboration with Sapio Research who interviewed more than 400 decision makers around the world. It found that: “More than a third of survey respondents reported being victims of ransomware attacks – and SaaS applications were the source of attack for the majority (61 percent) of breaches”

More than 200 SaaS apps are used by a typical small-to-medium organization and such organizations may not realize the scope of their SaaS app use, nor that their SaaS app data needs protecting. This is intuitively clear, as SaaS app use is meant to be easy and is not necessarily controlled by any IT department decisions and processes.

A Moor Insights & Strategy paper, “HYCU Wants to Revolutionize Data Protection“, commissioned by HYCU, says: “A key challenge with SaaS applications is the shared responsibility for data security, often unknown to the end-customer. While the provider secures the platform, customers are, in many cases, responsible for securing their accounts and data within the application.” 

SaaS-using organizations generally don’t know how many SaaS apps they use: “Survey respondents reported that their businesses, on average, use 22 SaaS applications – yet the average small-to-medium-sized business uses ten times that number. This disconnect suggests that businesses are not aware of what they need to protect and, therefore, are not adequately prepared to protect the solutions that lines of business increasingly rely on.”

In other words they are more vulnerable to malware attacks through SaaS apps than they realize. HYCU ramps up the scare factor with its report saying: “When applications are hit, 90 percent of businesses report they cannot recover encrypted SaaS data within an hour, creating costly downtime and business disruption. …While 71 percent said they could recover data in less than a day, this downtime still represents a major business disruption.”

As well as not understanding the scope of their SaaS use, SMEs are ill-prepared to strengthen security, the report adds: “A majority of survey respondents reported that implementing additional security process is the main challenge with SaaS data protection. In addition, 43 percent of respondents said they lack staff with the skills to do so.”

Two of the main recommendations in the HYCU report for SaaS-using organizations are:

  • Identify the true scope of their SaaS usage, including those tools that may fall under the label of “shadow IT.”
  • Back up and restore data as rapidly as possible – nearly instantly – to avoid business disruption.

Identifying SaaS app use is not trivial. The Moore paper says: “On average, most midsize organizations use over 217 SaaS applications.“ HYCY’s R-Cloud Data Protection-as-a-Service facility is built to protect more than 80 SaaS apps and cloud services, including Asana, Atlassian Jira, Bitbucket, Box, Confluence, DocuSign, GitHub, Google Workspace, M365, Monday.com, Okta, Pinecone, Salesforce, ServiceNow and Redis. This means – if the research is correct – that the majority of SaaS apps are not yet protected.

Customers can build connectors to get a SaaS app protected by HYCUs R-Cloud facilities. The Moore paper says: “Through a partnership with the AI startup Anthropic, HYCU has incorporated Anthropic’s AI assistant, Claude, into its R-Cloud platform. Claude is designed to work with HYCU’s data, understanding the specific requirements of the R-Cloud platform core concepts such as recovery protocols, compliance, and encryption. 

“This collaboration simplifies developing data protection integrations and AI-enhanced security features for automated and user-friendly data management. As a result, what previously took weeks now takes hours or less,” it claims.

All these things, from identifying which SaaS apps are used, understanding the effects of app malware intrusion and data loss, and getting critical data protected, could mean that the cost of SaaS app use will rise – there’s a malware security tax so to speak. 

Get a copy of the report from HYCU by registering here.