December 28, 2024
When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules

Nov 09, 2023 | The Hacker News | Email Security / SaaS Security

While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently send sensitive information to external entities, exposing confidential data to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now also cover email auto-forwarding. Wing’s shadow IT solution is offered as a free, self-service tool; users who upgrade get the company’s new Gmail and Outlook integrations, which broaden the company’s discovery capabilities and extend their data security features.

The risks of email auto-forwarding rules

Auto-forwarding emails is a great way to save time on repetitive tasks and is therefore very popular among employees who regularly collaborate and share information with external business partners. Risk examples include:

  • Automation means no one is checking for sensitive or private information. Emails with a certain word combination in the title, or a specific sender, will automatically be forwarded to an external entity without any oversight. This can lead to PII data leakage, sensitive data leakage and regulatory violations that can compromise an organization’s compliance.
  • Auto-forwarding can also indicate a potential insider risk. A disgruntled employee may auto-forward certain emails to competitors. It can also be as common as an employee who plans to leave the company and wants to maintain access to their work after they leave – auto-forwarding emails to their private email account.
  • Malicious actors might use this as an entry point. Bad actors can use these email forwarding rules to exfiltrate data after a successful attack, or as a means to spread phishing campaigns within organizations.

Screenshot from Wing’s platform: auto-forwarding issues found in Gmail and Outlook
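
The risks listed above can be checked for mechanically. The following is an added example, not code from the article or from Wing's product: it audits forwarding rules and flags external destinations, personal webmail targets, and rules that forward all mail. It assumes rule records shaped like a Gmail API filter resource (`criteria` plus `action.forward`); `ORG_DOMAINS`, `PERSONAL_WEBMAIL`, the function names and all sample data are constructed for illustration.

```python
# Added example: audit mail-forwarding rules for external destinations.
# Rule records follow the shape of a Gmail API filter resource
# ({"criteria": {...}, "action": {"forward": addr}}); all data is constructed.

ORG_DOMAINS = {"example.com"}  # assumption: the tenant's own domains
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: sample list

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""

def is_internal(domain):
    """True for an org domain or a subdomain of one (not a look-alike suffix)."""
    return any(domain == d or domain.endswith("." + d) for d in ORG_DOMAINS)

def audit_rule(owner, rule):
    """Return a finding dict for a risky forwarding rule, or None."""
    target = rule.get("action", {}).get("forward")
    if not target:
        return None  # rule does not forward mail
    domain = domain_of(target)
    if domain and is_internal(domain):
        return None  # stays inside the organization
    reasons = ["external destination" if domain else "unparseable destination"]
    if domain in PERSONAL_WEBMAIL:
        reasons.append("personal webmail account")
    criteria = {k: v for k, v in rule.get("criteria", {}).items() if v}
    if not criteria:
        reasons.append("no match criteria: forwards all mail")
    return {"owner": owner, "target": target, "criteria": criteria, "reasons": reasons}

def audit(mailboxes):
    """mailboxes: {owner_address: [rule, ...]} -> list of findings."""
    hits = (audit_rule(o, r) for o, rules in mailboxes.items() for r in rules)
    return [h for h in hits if h]

SAMPLE = {  # constructed sample data
    "alice@example.com": [
        {"criteria": {"subject": "invoice"}, "action": {"forward": "ap@partner.test"}},
        {"criteria": {"from": "hr@example.com"}, "action": {"forward": "bob@eu.example.com"}},
        {"criteria": {"from": "x@example.com"}, "action": {"addLabelIds": ["L1"]}},
    ],
    "carol@example.com": [{"criteria": {}, "action": {"forward": "carol.private@gmail.com"}}],
}

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["owner"], "->", f["target"], "|", "; ".join(f["reasons"]))
```
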

What is the connection between SaaS Security and email Security?

For several reasons, it is essential for organizations to uncover SaaS Shadow IT applications. Shadow IT refers to the unauthorized use of IT systems within an organization, often for the sake of convenience or efficiency, without the explicit approval of the IT department. There are some SaaS applications that may pose significant risks to the organization’s security, compliance, and overall efficiency:

  • Security Risks: SaaS applications are part of the modern supply chain, and as such they should undergo proper vendor risk assessments and

Wing’s product illustration – risky email forwarding rules

Wing’s SaaS discovery entails the systematic identification, categorization, and analysis of an organization’s SaaS usage to mitigate shadow IT risks. The company offers three distinct and non-intrusive discovery methods. The first connects to an organization’s major SaaS applications (e.g., Google Drive, Salesforce, Slack, and others) to identify connected applications. The second scans endpoints for SaaS signature hits and cross-checks them with Wing’s extensive SaaS database of over 280,000 SaaS records. The third, newly introduced capability connects to business email and scans for clear indications of SaaS usage. Wing emphasizes that knowing is just the first step in solving the problem and therefore offers customers the means to remediate and eliminate risky shares directly within their platform.
