By Charles Buck, Co-Founder and CTO of SaaS Alerts, finalists in the Best SaaS Security Solution category, and shortlistee for Cloud Security Innovator of the Year at The 2024 Cloud Security Awards.

How people access the tools they need to do their jobs has changed significantly over the past decade.

No more uploading software to a desktop. Instead, workers take 30 seconds to sign up for a new SaaS app, plug in their credentials and go on with their day.

Hackers are following suit — coming up with new ways to break into SaaS accounts to steal data and money. That evolution has created more work for the MSPs who have to protect their clients from bad actors.

Perhaps the easiest way to stay at the cutting edge of cybersecurity is to simply pay attention to what’s changing. Here are a few trends to watch in 2024.


For anyone who’s spent time on a computer in the past decade, phishing is a familiar concept. And it’s only gaining ground.

Today, phishing is the most common hacking method in the world, with billions of phishing emails sent every day. Of all the email traffic globally, 1.2% are phishing attempts.

Clearly, this tactic works. More than a third (36%) of all data breaches started with a phishing attempt. Losses from phishing attacks reached $10.3 billion in 2022 alone, according to the 2023 IBM Data Breach Report.

Now, hackers want to make this method even more sophisticated — and hands-off. To do so, they’re modeling a different (and very successful) business model: phishing as a service (or PhaaS).

Just like businesses pay for SaaS products like Microsoft 365 or Slack, hackers can pay for software that will do the hacking for them.

Here’s the gist: A bad actor purchases PhaaS software, feeds it a list of targets, inputs the message they want to send to those targets and then kicks up their feet. The software will set up a virtual server and run the hack itself. The hacker receives a list of stolen credentials — without ever actually having to do the legwork.

These operations are increasingly popular. In fact, Microsoft uncovered a huge PhaaS operation called BulletProofLink, which sold more than 100 phishing templates designed to get past threat-detection tools. Anyone could purchase these templates and run their own successful phishing campaign.

And that’s just one example we know about that’s made it off the dark web. With so much money on the table in the phishing “business” these days, PhaaS isn’t going away any time soon.

IP Address Localization

Speaking of not going away, another trend here to stay is remote work. Hackers have jumped on the trend too — which is bad news for MSPs and businesses.

A bad actor may be located 4,000 miles away from your client’s business. But with the power of a VPN, which can localize the hacker’s IP address to make it look like they’re logging in from down the street, they can do a lot of damage from afar.

This IP address localization is increasingly common. It’s a good way to bypass any foreign login flags that a business or MSP might have set up to protect their users.

Proliferation of Guest User Accounts

At this point, most companies have been embracing SaaS applications for years. It’s natural that those apps have accumulated some clutter. But that clutter could turn into a breach if no one is paying attention.

Specifically, MSPs should keep track of guest user accounts within their clients’ environments.

Guest user accounts let a company give someone temporary access to one of its SaaS apps. For example, maybe a supplier needs to be in the payment system or a contractor needs to access the company’s SharePoint. Creating a guest account is convenient and simple — maybe a little too convenient and simple.

Those guest accounts tend to hang around if no one deletes them. And that means those external guests retain access to internal files or information.

The average company uses 89 SaaS apps, according to the Okta 2023 Businesses at Work study. If even a handful of guest user accounts linger on each of those, that’s a lot of unauthorized access.

On a similar note, most businesses have many old file-share links still roaming around. Maybe the company didn’t give full SaaS app access to a contractor. But they did send them dozens of file links. What happens to those links after the company stops working with the contractor? It’s an important question that not enough businesses think about.

In the years ahead, most organizations will only continue to increase their reliance on SaaS applications. So it’s essential they remain wary of how many external guests they invite into (and keep in) the fold.

What MSPs Can Do To Protect Their Clients

With how quickly the cybersecurity landscape evolves — and how frequently hacks occur — it can seem like bad actors are winning the battle.

Here are a few tips MSPs can use to help clients stay safe in 2024 — and beyond.

  • Out with the old: Regularly review the guest user accounts within your clients’ SaaS environments. Delete old ones as soon as they’re no longer necessary. A good rule of thumb is to automatically delete any accounts with no activity in the previous 30 days.
  • Teach appropriate file-sharing behavior: It may be convenient to just copy and paste a file link to share with an external contractor or vendor, but your clients give up a little security each time they do so. The more they understand this, the more careful they can be.
  • Encourage MFA across the board: No matter the platform, client or situation, everyone should set up MFA every time they sign up for a new SaaS app. This isn’t always 100% foolproof, but it’s a critical stumbling block between hackers and your clients’ businesses.
  • Keep track of travel plans: Many workers these days choose to take advantage of remote work flexibility by picking up their laptops and logging in from a beach for a few weeks (or months). Take note of when your clients will be working from somewhere new. Even if a hacker uses IP address localization to make it look like they’re an employee working from their home office … you’ll know that user is actually in Spain for the month. Checkmate.
  • Monitor suspicious activity: Understand the baseline of what’s “normal” for the user accounts you monitor (like login locations or file upload patterns). With that baseline in mind, it’s easier to catch hackers in their tracks. For example, an account rapidly exceeding a predetermined daily file download limit or setting up strange email forwarding rules could mean the account has been breached. The quicker you notice, the quicker you can jump into action.

Similar to the medical or legal fields, the cybersecurity landscape continues to evolve. That’s one of the reasons MSPs and other IT professionals love working in it: It’s a constant but exciting challenge.

Tools and strategies are available to help MSPs keep pace with the rapid scale of development. But with new trends emerging every day, MSPs’ ability and willingness to spot the trends — and adapt alongside them — will be their most important quality.