SaaS Alerts - Experts & Thought Leaders

“Win on the transition” is a term the author heard for the first time several years ago. The author has written about it and I have conducted numerous public presentations on the topic. Since then, they have observed companies both win and lose on “transitions” across various industries.  Some of these transitions are brought about by innovation, economic conditions, or, most recently, a worldwide pandemic. SAAS Alerts can all think of companies that have supercharged revenue and profits during COVID-19, while they have seen others wither away. Digital transformation Within the MSP industry, the author has witnessed some MSPs thrive in the last couple of years. They have adapted quickly to better secure their customers, and they have empowered digital transformation. At the same time, other MSPs have been slow to evolve. As a result, they are either struggling or growing at a slower rate than their peers. Change is Coming How MSPs handle this price increase will prove to be a transition point for many The author believes users are on the verge of another transition point in the MSP community. Over 90% of all MSPs resell Microsoft 365 and, in case users have not heard, Microsoft is implementing a price increase on 365 starting March 1, 2022.  How MSPs handle this price increase will prove to be a transition point for many. Trusted advisors For years, the term “trusted advisor” has been waved about in MSP circles as an aspirational title. While many have struggled to live up to this designation, MSPs are presented with an opportunity. They can become their customers’ “trusted advisors” with the impending Microsoft price increase that will affect most, if not all, MSP customers. The MSFT licensing programs are very confusing and even most IT professionals have a difficult time understanding them. By understanding the new prices and the different plans, MSPs have an opportunity to right-size both the customers’ protection and their costs for the most widely used application in their stack. MSFT 365 licensing package features Several features are bundled into the different MSFT 365 licensing packages. Most people don’t even know or understand if they need them. Some of these features include: Litigation Hold Auto-expanding email archive Manual, default, and mandatory sensitivity in Office 365 Sensitivity labeling for containers in Office 365 What the Price Increase Means for MSPs Most SMB customers don’t understand whether they need MSFT 365 for Business, MSFT for Enterprise, or Office 365 for Enterprise. Beyond that, they will need to choose the Basic, Premium, or Standard versions of these products. This price increase presents a great opportunity for MSPs to fully understand the differences in MSFT plans, including the features and costs associated with each plan. Most importantly, MSPs can determine how the customer can right-size functionality, protection, and cost. Saves money The foreign application most SMBs are logging into, with their MSFT 365 credentials, is Zoom SMB customers expect thought leadership from their MSPs in understanding all of the software they use. They rely on MSPs to help them save money by eliminating redundant functionality across different products. In SaaS Alerts’ first SASI Report (SaaS Application Security Insights), released in June 2021, it found that the foreign application most SMBs are logging into, with their MSFT 365 credentials, is Zoom.  But, SAAS and all know that MSFT Teams and Zoom do many of the same functions.  As an MSP seeking to be a trusted advisor, the author could use that information to propose that the customer discontinue using Zoom to help offset the MSFT price increase. Instead, the customer would use Teams, exclusively. Comparisons, and pricing options During February, SaaS Alerts is dedicated to better educating MSPs on the different MSFT 365 plans, feature comparisons, and pricing options to help every MSP right-size their customers’ protection and cost. The goal is to share practical insights to help every MSP become a trusted advisor and “win on the transition.” To that end, SAAS Alerts invites users to join them for the Microsoft 365 Price Increase webinar on February 15th or February 23rd. In addition to gaining these insights, every attendee will receive access to our new MSFT 365 calculator. This calculator incorporates the price increases and it includes options for different margin expectations.

SaaS Alerts, the cybersecurity company purpose-built for MSPs to protect and monetise their customers’ business SaaS applications unveiled the findings of its latest edition of the SaaS Application Security Insights (SASI) Report. Published semi-annually, the free downloadable report is the only one of its kind to analyse approximately 136 million SaaS security events across 2,100 small and medium businesses (SMBs) globally and identify cyber trends negatively impacting businesses. SASI report The statistically significant findings of the latest SASI report take into account security events occurring across more than 120,000 user accounts from January 1st to December 31st, 2021, and show that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from the countries of Russia and China. The data set is statistically significant and enables solution providers to manage a portfolio of SaaS applications with pertinent data and trends to support defencive IT security re-alignments as required. Recent activity The vast volumes of data analysed suggest these countries may even be coordinating attack efforts Additionally, over the last several weeks, SaaS Alerts has seen a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders — Russia and China. The vast volumes of data analysed suggest these countries may even be coordinating attack efforts. Per analysis available from SaaS Alerts, attack trend lines that compare Russia and China show almost the same pattern. Juxtaposed to a chart from Germany indicates that it is not even close to the same pattern, leading to educated speculation that these countries could be coordinating efforts. A mixture of cooperation and competition According to the Brookings Institute, “The U.S. National Security Strategy declares Russia and China the two top threats to U.S. national security. At the best of times, U.S.-Russia ties are a mixture of cooperation and competition, but today they are largely adversarial." "Russia’s increasingly close relationship with China represents an ongoing challenge for the United States." SaaS application security data From January 1st to December 31st, 2021, SaaS Alerts monitored more than 136 million SaaS security events "While there is little that Washington can do to draw Moscow away from Beijing, it should not pursue policies that drive the two countries closer together, such as the trade war with China and rafts of sanctions against Russia.” During the period ranging from January 1st to December 31st, 2021, SaaS Alerts monitored more than 136 million SaaS security events, collecting and analysing the anonymous SaaS application security data to identify a breakdown of cyberattacks on the most popular SaaS applications in use by SMBs today. Key findings of the report 1) On average, SaaS Alerts is seeing approximately 10,000 Brute Force Attacks per day against the user accounts monitored by SaaS Alerts. 2) The origin of potential attacks can be traced back to specific countries with current data indicating that Attempted Unauthorised Logins are coming from actors located in China, Vietnam, Russia, Korea, and Brazil. 3) Successful Unauthorised Logins are originating in Russia, China, Vietnam, Korea, and Brazil. These are countries where an actor has successfully logged in using a valid user’s credentials. 4) The report finds that the Three Most Common Critical SaaS Application Security Alerts stem from: Alert: “User Location Outside Approved Location” is an alert that is triggered when there’s a successful login to a user account from outside of an approved location or an approved IP address range. Alert: “SaaS Integration” which indicates that account credentials have been used to connect to a third-party application which may lead to data and other account information sharing between SaaS Apps. Users often establish these connections for convenience without consideration of potential security violations. Alert: “Multiple Account Lockouts” which is recorded when an account is locked out 4 or more times within 12 hours. Often indicating that malicious actors are actively (typically programmatically) trying password combinations to gain access to the account and have succeeded in validating a correct account name. 5) Other key findings from the report focus on common threat vectors that are putting SMBs at risk including a shocking ratio of Guest User Accounts (versus Licenced Accounts) being leveraged by SMBs with 42% of the over 129,000 monitored SaaS accounts being Guest User Accounts, the report also identifies the top five Third-party OAuth App Integrations being leveraged by SMB users and details a threat vector around Risky File Sharing Behavior with 19% of cloud-based file sharing activity being to external sources versus internal file-sharing. Each of these activities poses a significant threat vector as they potentially open pathways for malicious attacks if not properly monitored and managed. Uncertain cyber-climate “In the uncertain cyber-climate we all reside in today, detailed SaaS security oversight and robust defences are a requirement for ensuring high resiliency and business continuity,” said Jim Lippie, CEO, of SaaS Alerts. “The loss, theft or corruption of mission-critical or sensitive customer data can be operationally and financially troublesome for SMBs that depend on continuous and unrestricted business operations to bolster revenues which have been the target of threat actors for years. We offer this useful threat level breakdown to assist businesses and the MSPs that support them with highly accurate insights about the security landscape they reside in.” Security management and compliance The security management and compliance of SaaS applications in use by SMBs have become a greater concern for MSPs as the deployment of cyber defences takes centre stage. Protection of both the SaaS application and data is critical and must receive SaaS-optimised security controls. Building a security-minded employee culture that centres on security controls, SaaS-native cyber defences, and procedural compliance can play a significant role in reducing the risk of a successful attack.

SaaS Alerts, the cybersecurity company purpose-built for MSPs to protect and monetise their customers’ business SaaS applications released the results of its first-ever SASI (SaaS Application Security Insights) Report. The report, scheduled to be released semi-annually, reveals a shocking trend of over 3,000 Brute Force Attacks per day [against the current SMBs being monitored by the platform] and sheds light on risky file-sharing behavior and the top countries where bad actors are originating their attacks on SMBs. SaaS application security records During the period dating January 1st to May 31st, 2021, SaaS Alerts monitored over 15M events and gathered and analysed anonymised SaaS application security records for over 750 small-to-mid-sized businesses and more than 30,000 end-users. Access and visibility into this unique dataset provides SaaS Alerts a comprehensive and timely view of the current state of SaaS Application Security within the SMB market – and more specifically, within SMBs who are served by MSPs. First-ever SASI report How MSPs are currently pricing and marketing their new SaaS Security Monitoring services Additionally, the report provides insight into how MSPs are currently pricing and marketing their new SaaS Security Monitoring services. “Overall, the findings in our first-ever SASI report emphasise that MSPs need to reassess their security posture when it comes to protecting their customers’ SaaS Applications,” said Jim Lippie, CEO of SaaS Alerts Customer security management "We believe that sharing this data will help MSPs to identify strategies and develop new processes to manage customer security in a data environment now increasingly dominated by off-premise resources." “Our goal is to continue to share this critical information in the hopes that together with our MSP Partners, we can better navigate the current cybersecurity threat landscape and enhance our understanding to better combat the risks that lie ahead.” View of the SMB threat landscape The data environment is also shifting – from local devices and network servers to Cloud-based data creation With this inaugural edition of the report, SaaS Alerts has made a commitment to release its findings twice a year – and as the platform grows to include more users, these insights will become increasingly more valuable and give MSPs a more comprehensive view of the SMB threat landscape. Businesses of all sizes are shifting to SaaS applications and away from locally installed applications. Naturally, at the same time, the data environment is also shifting – from local devices and network servers to Cloud-based data creation and storage. User and network protection This transition requires that technology service providers reconsider the notion of protecting users and networks and reimagine how they think about users and how they follow user behaviour. This is accomplished by understanding how user negligence impacts a company’s security posture while also appreciating how bad actors are able to compromise SaaS environments. Common user behaviours SaaS Alerts saw an average of 3,000 brute force attacks per day leveraged against 750+ small businesses In the first half of 2021, SaaS Alerts saw an average of 3,000 brute force attacks per day leveraged against 750+ small businesses while also uncovering a significant attack vector stemming from common user behaviours such as neglectful file-sharing practices and using M365 and Google Workspace credentials for authenticating third-party integrated applications. These threats will not just go away, they will continue as the data in SaaS applications is valuable to bad actors and their attacks are successful enough to warrant continued effort. Threats, trends, and activities Meanwhile, end users will continue to take shortcuts, share anonymous files, and bypass safeguards in the name of convenience and increased productivity. As a community of technology professionals, with the right tools and a commitment to regular hygiene, many of these risks can be mitigated. The SASI Report analyses the current threats, trends, and activities of SaaS Application users and provides valuable insights to help MSPs protect the companies they serve. SaaS Alerts Report analysis was carried out using proprietary anonymised data gathered via the usage of SaaS Alerts pursuant to its Master Services Agreement.  This and other data are used by SaaS Alerts to identify security and access trends in order to further advance its product and offerings and in order to meet the needs of its growing MSP partner community and the end customers whom it serves. User and business information is anonymised to protect corporate and individual usage data.