Hey there, Leader Today. In today's episode of Security on Tap, we dive deep into the world of Software as a Service (SaaS). Join Randy and Jim as they explore what SaaS is, why it poses significant security risks, and what steps you can take to mitigate those dangers.

We start with an eye-opening statistic: the average company used around 15 SaaS services in 2015-2016, but that number has skyrocketed to 150-200 today. This explosive growth has led to a shift where many non-core business processes are now housed outside the core business, creating a blurred network boundary and increasing vulnerabilities.

Randy breaks down SaaS for beginners, explaining how it works and citing major providers like Workday, Salesforce, and Microsoft 365. They discuss real-world breaches involving giants like Microsoft and Snowflake, highlighting the significant risks posed by SaaS environments.

The episode also delves into the challenges of managing third-party risk and the pressures faced by SaaS providers to grow rapidly, sometimes at the expense of robust security measures. They debate the need for industry standards or government regulations to ensure SaaS providers maintain stringent security protocols.

Finally, Randy and Jim offer practical advice for security practitioners, emphasizing the importance of understanding your company's critical business processes, assessing the risk posed by third-party vendors, and having contingency plans in place.

Whether you're a seasoned security leader or new to the field, this episode provides valuable insights into managing SaaS risks and keeping your organization secure.

On this gripping episode of Security on Tap, we undertake a detailed exploration of the recent, impactful cybersecurity incident at Change Healthcare. We outline the events that unfolded on February 21st when Change Healthcare became the latest casualty of Black Cat/Alf V's sinister ransomware service. We shed light on the monumental repercussions this episode has had on the healthcare industry, disrupting pharmacies, SMB healthcare institutions, and even Medicare.

Additionally, we emphasize the critical importance of disaster recovery, business continuity planning, and rigorously evaluating third-party risks and supply chain vulnerabilities. We further broach topics including the security-related implications of mergers and acquisitions, and the vital need for sound identity verification and advanced authentication measures in the face of a surge in cyber threats.

The episode also delves into more profound aspects of cybersecurity, such as 502 compliance, privileged access management, and the rising threat of social engineering. We demonstrate how essential cybersecurity training for employees can drastically minimize potential threats in sectors like healthcare.

Join Randy and Jim as they try to do the impossible. How to get the tech team to do what you want them to do when they don't want to do it. It's not as hard as you think. But doing the intro to a podcast is, which you will discover if you listen in.