Governance & Risk Management , Insider Threat , Video

The Silent Threat: Negligent Users in SaaS Cybersecurity

Wing Security's Ran Senderovitz on Navigating Misconfigured SaaS Risks
Ran Senderovitz, chief operating officer, Wing Security

Insider threats continue to pose significant concerns in today's digital landscape. While malicious insiders have garnered attention due to harmful intent, negligent users often make unintentional mistakes, contributing to potential cybersecurity risks.

See Also: Cloud Security and Developers: Role of Zero Standing Privilege

Software-as-a-service solutions present opportunities for employees to onboard a variety of tools, but SaaS inadvertently poses risks through misconfigurations and improper permissions, said Ran Senderovitz, chief operating officer, Wing Security. While significant organizational efforts are directed toward addressing malicious insiders, negligent users are widespread and tend to use tools that might not be recognized as potential risks, he said.

"Risks can come in few levels; the first one is your onboarding application that doesn't have a high security rating and compliances that your organization needs," Senderovitz said. "You can onboard a malicious application unknowingly. When you onboard an application like that, you provision wrong permissions to that application. The application gets access to manage your Google Drive to read all your information - all of these misconfigurations on user permission, data sharing or using an application that is not secure enough for your organization can become an attack surface."

In this video interview with Information Security Media Group at Black Hat USA 2023, Senderovitz also discussed:

  • The risks of misconfiguration and unauthorized access;
  • The need for organizations to enable productivity through SaaS applications;
  • The struggle security leaders face with gaining visibility into users' application choices.

Senderovitz is a seasoned executive leader with a track record in transforming technological businesses into product, market and business leadership in Silicon platforms, communication, IoT, personal computing, AI and GFX domains.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.