Newsroom

The first annual SaaS security report, "State of SaaS Security 2024," was conducted by SaaS security leader Reco. Drawing from our analysis of over 6,600 SaaS environments from over 50 enterprises across all verticals, this report provides an unprecedented, data-centric view into the SaaS security landscape in 2024 as CISOs prepare to set priorities for 2025.

These recent trends and data underscore a critical shift in cybersecurity: identity security is no longer just a tactic—it’s a strategic frontline defense. As adversaries leverage AI and machine learning to develop more sophisticated and precise identity attacks, organizations are left grappling with the rapid pace of AI-driven threats. Reco CISO, Merritt Baer shares how CISOs can stay ahead, CISOs by adopting a identity-first security.

The industry consensus about ransomware is that it's not going away anytime soon, evidenced by the consistent growth of ransomware attacks over the past decade. Ransomware gangs have a new strategy: Ransomware-as-a-service (RaaS) organizations are focusing on African nations as initial targets for nation-state attacks before launching malicious campaigns in more developed climes. Reco CPO Gal Nakash explains how this approach makes perfect sense from the attackers' perspective.

Reco CEO & Cofounder Ofer Klein discusses that fact that most companies underestimate their SaaS exposure. He provides ways to prevent data exposure by having visibility into all connected SaaS apps and avoiding giving apps permissions they ask for in this thought leadership piece for Forbes Technology Council.

As organizations embrace a more interconnected ecosystem of SaaS applications, the traditional security perimeter has become increasingly blurred. The shift towards SaaS adoption has introduced new security challenges that can expose companies to threats they didn’t anticipate. Reco CPO Gal Nakash shares how business leaders can stay secure as they continue to use the hundreds of SaaS applications across their networks.

Unlocking AI’s potential to deliver greater efficiency, cost savings and deeper customer insights requires a consistent balance between cybersecurity and governance. AI infrastructure must be designed to adapt and flex to a business’ changing directions. Cybersecurity must protect revenue and governance must stay in sync with compliance internally and across a company’s footprint.

With 23andMe in crisis, strengthening identity security has never been more urgent. DNA data exposes victims of identity attacks to a lifetime of potential liability. If it’s compromised, you can't reset it. Identity security isn’t just a technical issue, it’s a fundamental component of corporate trust between a company and its users. When executive leadership is in flux, the entire organization is exposed to questions around how an entity will enforce both the strategic and the tactical behaviors that customers need to see.

In the first of this four-part video series, a panel of expert CISOs discuss the long-term impacts of the SEC’s cyber rules, which went into effect last year and have significant implications of incident disclosure processes. Decipher editor Lindsey O’Donnell-Welch talks to Merritt Baer, CISO at Reco, Neda Pitt, CISO at Belk, and Danielle Snyder, cyber and compliance lead at Raytheon, about what these rules mean for incident disclosures at a broader level, as well as CISO liability.

We're excited to be recognized on executive search firm Will Reed's list of the Top 100 early-stage companies building strong and positive company cultures!  This list acknowledges our dedication to building a people-first culture alongside innovative, effective products. Will Reed has spotlighted these companies’ upleveled care for their employees, considering criteria like PTO, maternity leave, remote work, healthcare, and more.

The Enterprise World magazine features Reco as part of their September edition of the most trusted cyber security companies to watch in 2024. The article covers how Reco is leading the SaaS security domain with comprehensive coverage, posture management, shadow app discovery, and threat detection and response.

As organizations increasingly rely on SaaS applications, the risk of data breaches and unauthorized access grows significantly. Dan K Anderson, a CISO and vCISO with deep knowledge of information governance, highlights the challenge in this article. Traditional DLP solutions often fall short when it comes to securing unstructured communication data, leaving organizations exposed to risks they might not even know exist. Reco bridges this gap by providing SaaS app discovery, continuous monitoring, automated risk assessment, identity governance, and threat detection and response for all SaaS applications.

It's no great revelation to say that SaaS applications have changed the way we operate. We routinely rely on cloud-based applications to conduct our basic functions, and the only true perimeter has become the identities with which we log into these services. Unfortunately applications asks for various amounts of permissions into our data, which often rely on other vendors' services, creating not a network, but a tangle of interdependent intricacies that has become so complex most security and IT teams don't even know how many SaaS applications are connected in, let alone what they are or their access permissions. Luckily there are steps to take to untangle this ball of SaaS yarn IT and security teams worldwide are left to deal with.

The conversation is shifting: security is no longer an afterthought, it's the priority. Reco CISO Merritt Baer emphasized the critical nature of security in today's digital landscape. Gone are the days when security took a backseat to other IT investments like legacy modernization or AI. Security has emerged as the top budget item that companies are least likely to cut, regardless of economic pressures.

Hackers, data breaches, and shadow apps are among the many threats companies monitor. Black Hat is an annual cybersecurity conference where vendors share how they approach modern cybersecurity's complexities. Reco was interviewed by KSNV News 3, Las Vegas on how SaaS apps are vulnerable to data exposure. Reco CEO Ofer Klein described the urgency for SaaS security, and how it goes beyond two-factor authentication.

Reco CISO Merritt Baer shares thoughts on the recent CrowdStrike outage with VentureBeat and why this moment is a call to action for greater cyber resilience and maturity in their approach. Security vendors need to understand that they are holding customer outcomes in their hands. Ultimately, every enterprise has challenges around patching cadence. The fact that CrowdStrike required their end customers to do the work to ameliorate created more time to respond and time to remediate.

Reco CISO Merritt Baer was included in this month's CIOs On the Move for her recognition as a security executive who has stepped into a new leadership position. She joins an amazing list of 70 CIOs, CTOs, and CISOs set to drive innovation and lead their teams to new heights.

Claiming to have breached the U.S. Treasury and instead releasing 33 terabytes of data on the dark web exfiltrated from banking and fintech provider Evolve, LockBit’s latest breach shows how vulnerable fintech is to cyberattacks. Reco CEO & Co-founder Ofer Klein, and CISO Merritt Baer discuss this latest cyber attack and how CISOs can cut through the deception with data.

Reco provides a comprehensive solution for SaaS security that secures the entire lifecycle of a SaaS app, ensuring full visibility into connected SaaS applications, precise access management, and real-time threat detection. Customer testimonials highlight its effectiveness in reducing data exposure and improving response times.

In a recent interview with SafetyDetectives, Ofer Klein shares insight into the innovative solutions his company offers to address the growing challenges in SaaS security. Klein discussed the evolving landscape of SaaS applications, the critical need for automated security measures, and the future trends in cloud technology. This interview highlights Reco’s unique approach and the importance of proactive security in today’s fast-paced digital environment.

As organizations grapple with the implications of cybersecurity on their bottom line and reputation, the question of whether the CISO role is worth the inherent risks looms large. Beyond financial incentives, prospective CISOs must carefully consider the personal and professional liabilities associated with the position. Reco CISO Merritt Baer weigh in on the role of the CISO and how we can make being a security executive a real way to create change.

Reco CEO & Cofounder Ofer Klein discusses how traditional security models are no longer enough to protect against data breaches in today's threat landscape. The shift from reactive to proactive security measures is crucial as cybercriminals become more sophisticated, and a framework like zero trust is necessary. This article covers getting started with SaaS security in a zero trust environment.

An interview with Reco CEO & Cofounder Ofer Klein on how Reco empowers organizations to discover their SaaS applications, identities, and data, control access and prevent the risk of exposure.

As organizations come to terms with security challenges, the need for robust solutions becomes evident. SaaS Security Posture Management (SSPM) tools act as an essential line of defense against security threats by providing comprehensive visibility into the SaaS landscape. Here’s a breakdown of the leading SSPM platforms in 2024.

Abuse vulnerabilities are prevalent in security, and can't be ignored as they lead to catastrophic outcomes if overlooked. Reco's Director of Security Research delves into an abuse vulnerability recently discovered in GitHub and how organizations can prioritize these types of vulnerabilities.

As we head into the second half of 2024, it’s important to recognize the top SSPM software that are making significant steps in enhancing cloud application security. These tools maintain security standards and at the same time, actively improve how organizations protect and manage their SaaS environments. This articles highlight some of the standout 8 SSPM solutions in the market.

Reco CEO & Cofounder Ofer Klein shares how by focusing on the unique security issues of SaaS alone, SSPM solutions help organizations stay ahead of regulators and bad actors in this thought leadership piece for Forbes Technology Council.

Reco has been named a finalist for best SaaS security solution as part of The Cloud Security Awards. This award recognizes organizations that are stepping up to the challenge of helping organizations keep their SaaS identities and assets safe.

Reco had the opportunity to share our story as a SaaS security solution in the Startup of the Week: our aim to empower enterprises to discover what's connected in their SaaS ecosystem, prioritize, and detect potential points of exposure, as well as our journey to get here.

Reco has been shortlisted for best SaaS security solution as part of The Cloud Security Awards. This award recognizes organizations that are stepping up to the challenge of helping organizations keep their SaaS identities and assets safe.

The role of a chief information security officer (CISO) is becoming increasingly important as the dynamic landscape of cybersecurity threats now affects nearly all aspects of business. As today’s security threat environment evolves, SaaS security posture management (SSPM) has become a key part of a CISO’s security defense plan.

When bad guys started encrypting their data, Gal Nakash and Tal Shapira set out to beat them at their own game. The two cybersecurity experts, then with Israel’s equivalent of the FBI, used artificial intelligence to map data sharing in order to understand who was communicating with whom and head off attacks.

Ofer Klein is a decades-long Israeli Defense Force helicopter pilot and avid kitesurfing enthusiast who likens the adrenaline rush to being a founding CEO of a thriving security startup. It’s this unique background and experience that have been key to Ofer’s leadership style and Reco’s success.

Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.

GitHub has revealed that service disruption in December was due to it rotating credentials after the discovery of a high-severity bug, and warned that some customers may need to take additional action to stay secure.

As we head into 2024, we believe cross-border compliance, the need for safety standards around new Generative AI tools and continued Microsoft 365 and Okta Cyber threats will be key themes.

AI, particularly widely available tools like ChatGPT, has made big waves in 2023. Is this set to continue into next year or will we see a different approach to using the technology...

Reco today launched a platform that makes use of machine learning algorithms and graph technology to secure software-as-a-service (SaaS) applications...

The annual enterprise cybersecurity conference Black Hat exploded into Las Vegas this week, giving the Moscone-constrained RSA Conference earlier this year a run for its money...

Reco is pioneering a new approach to SaaS data security driven by interaction-based analytics, the company announced. With organizations maintaining an average of over 125 SaaS applications...