Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. In recent years, as the popularity of this approach has increased, the number of cyberattacks and data breaches has similarly increased.
Someone concerned about this trend is Ariel Parnes the COO and Co-Founder at Mitiga. Parnes is a retired Colonel of the Israel Defence Forces’ 8200 Cyber Unit, where he served 20-plus years and received the prestigious Israel Defence Prize for technological breakthroughs in the cyber field.
Software-as-a-service (Saas) data breaches
On the subject of software as a service, Parnes is of the view: “SaaS breaches will take Center stage in 2024. As organizations increasingly rely on SaaS applications, 2024 will witness how these applications take a pivotal role in large breaches.”
Looking at the ‘why’, Parnes finds: “The rapid adoption of numerous SaaS apps, sometimes with no visibility or control by the organization (“Shadow SaaS”), has created blind spots in many environments. The lack of visibility and control, coupled with the access these apps have to sensitive data, makes them attractive targets for cyber adversaries. Organizations will need to address these risks urgently, as SaaS applications are fast becoming the Achilles heel in cybersecurity.”
Psychological operations in cybercrime will rise in 2024
A second area of concern as this year progresses is with the increased sophistication of cybercrime. Here Parnes predicts: “As the digital landscape evolves, 2024 will witness a significant uptick in the adoption of psychological operations by cybercriminals. The new SEC regulations, which mandate quicker disclosure of cyberattacks, will inadvertently fuel this trend.”
Furthermore: “Criminals, recognizing the heightened anxiety these disclosures cause, will increasingly leverage psychological tactics to amplify chaos, exert pressure, and sow confusion. They might threaten data releases, spread misinformation, or employ other manipulative strategies to exploit organizational vulnerabilities.”
In terms of what businesses should do about this, Parnes thinks: “With the stakes higher than ever, it’s imperative for organizations to improve the readiness, both technologically (by having the appropriate tools to create the situational awareness needed during a crisis and remove the inherent fog of war) as well as psychologically (by training leaders and employees to deal with this new type of warfare).”
Advanced AI will drive sophisticated social engineering in 2024
The advance of artificial intelligence poses a new type of threat to firms, observes Parnes. He notes: “As GenAI and LLMs become more accessible, 2024 will mark a notable surge in both the volume and sophistication of social engineering attacks.”
The primary concern, according to Parnes is: “Criminals, equipped with these cutting-edge AI capabilities, will harness vast amounts of open-source intelligence (OSINT) to craft highly tailored and effective campaigns. The days of generic phishing attempts are gone; the future lies in hyper-personalized attacks that resonate deeply with individual targets. Organizations must be vigilant, adapting their defences to anticipate this new breed of technologically-empowered social engineering.”
