37% of Third-party Applications have High-risk Permissions

Recent data analysis reveals a significant increase in the integration of third-party apps with email platforms. This trend underscores the rapid expansion of a new avenue of vulnerability that cybercriminals are exploiting, demonstrating their ongoing evolution in attack strategies. 

The presence of software-as-a-service (SaaS) applications is continuously growing within enterprises worldwide. Staff members are providing permissions to external apps, allowing them to access fundamental SaaS platforms such as Microsoft 365 (M365) and Google Workspace. 

This trend introduces security vulnerabilities. Simultaneously, security personnel and organizations are struggling to monitor the number of interconnected applications or assess the extent of the security threats stemming from these apps.
Throughout the initial six months of 2023 (spanning January to June), there was a steady upward trajectory in the integration of third-party applications. 

Concurrently, Abnormal noted a consistent escalation in instances of business email compromise (BEC) and vendor email compromise (VEC) attacks. This pattern of growth has remained consistent over the preceding five years.
Abnormal’s findings revealed that, on average, organizations now incorporate 379 third-party applications with their email systems. This reflects a substantial surge of 128% since the year 2020. 

In th

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.