Admins / Architects / Security

Ransomware Attacks Are Targeting SaaS Data – Here’s How to Protect Yours

By Arnaud Treps

Sophisticated ransomware attacks are increasingly targeting all types of data, including data stored on SaaS platforms. New research now shows that large enterprises aren’t fully prepared to protect their data against ransomware attacks.

How do we know this? Odaseva partnered with Dimensional Research®, an independent research firm specializing in enterprise technology, to survey executives and managers of companies with more than 10,000 employees in August 2022. 

What Did the Survey Find?

The report of the survey findings, The State of SaaS Ransomware Attack Preparedness, reveals that large enterprises are not fully prepared to protect their SaaS data from ransomware attacks, even though SaaS data lost in successful ransomware attacks was the least likely type of data to be fully recovered. That’s a real problem.

These attacks are increasingly frequent and successful, and recovery is often difficult, incomplete, and time-consuming. Additionally, with large enterprises increasingly relying on cloud infrastructure for mission-critical operations, organizations that fail to prioritize data protection can be vulnerable to ransomware attacks on their data. 

The survey findings underscore the importance of understanding the threat of a ransomware attack on enterprise SaaS data, and how to proactively and effectively protect the data against this threat.

Let’s deep dive into these two points.

Understanding the Threat of Ransomware Attacks on SaaS Data

What’s at risk?

It’s important to note that while the SaaS platform itself is a highly unlikely potential victim of a ransomware attack, the data that you store in it can be a target. 

The SaaS platform’s strict technical controls are simply too difficult to penetrate, however the data in it can be attacked through end user phishing, malware, API key leaks, or other malicious methods. Attackers can then use the platform’s API to export the data and overwrite it with an encrypted version. To obtain the decryption key, victims must pay a ransom. 

It’s an expensive, embarrassing, and damaging catastrophe that you want to avoid at all costs. You can learn more about this here.

What types of data are targeted in ransomware attacks?

The survey results show that all data is a target for ransomware attacks, no matter where it is stored. Almost half of respondents (48%) reported being the target of a ransomware attack in the past 12 months, whether the attack targeted data in a public infrastructure cloud like AWS, on endpoints like mobile devices, in on-prem data centers, or in SaaS applications.

Where does SaaS data rank?

SaaS data stands out. The results show that attacks on SaaS environments were more likely to succeed than attacks on other environments. 52% of ransomware attacks on SaaS data succeeded – more than any other environment that respondents were surveyed about. 

Data lost in successful SaaS ransomware attacks was also least likely to be fully recovered. SaaS data can be tricky to restore – especially if it’s not backed up properly. If enterprises are not using a backup and restore solution specifically designed for their data volume and complexity, they’re at risk of failing to recover data.

While no respondents reported losing all of their SaaS data when recovering from a ransomware attack, only 50% recovered all of it – less than any other type of data attacked.

This could be easily explained: organizations have invested on data protection solutions for traditional on-prem environments, while this investment remains insufficient on SaaS data, or not adapted to the specificities of SaaS applications.

Who is (or isn’t) paying attention?

One of the most surprising findings was that even though the severity of a ransomware attack on SaaS data was higher than other types of data, executives and managers said SaaS data was the least likely to be ranked a “Top 2” concern for ransomware, even while only 28% said they are “very” confident about their ability to recover from an attack. So the risk is high, the confidence in recovery is low, and yet the level of concern doesn’t reflect this.

How to protect SaaS data against a ransomware attack

It’s almost needless to say that enterprises must proactively – and effectively – protect data against ransomware attacks. The first step is understanding who is responsible for protecting the data.

Who is responsible for protecting SaaS data?

The survey found that there’s still a misconception that companies don’t need to protect their SaaS data, with 25% reporting that they believe it’s the cloud or SaaS provider’s responsibility to protect data in their infrastructure. That’s wrong.

SaaS platforms that embrace a ‘shared responsibility’ model for data are responsible for the security and integrity of the platform, but the customer is responsible for securing and managing the data generated.

Finding the right data protection solution for enterprise SaaS data

Once there’s an understanding that companies must protect their data, next comes finding the right data protection solution. Fortunately, the survey results show that 98% have invested in or have plans to invest in data protection for cloud and SaaS ransomware.

However it’s impossible to overstate the importance of investing in the right tools for the job. In the case of enterprise data protection, the right tools are data protection solutions that are specifically designed and built for the needs of very large enterprises, not generic protection offerings.

That’s because at enterprise scale, SaaS data is different. Data volumes are large. Data models are more sophisticated. Integrations, regulations, and business processes are much more intricate. To protect this data against ransomware attacks, it must be securely protected – and that begins with a powerful backup and restore solution.

By ensuring that SaaS data, metadata, and files are properly backed up, enterprises can restore this data if a ransomware attack or other data disaster strikes.


Enterprises can protect SaaS data against ransomware attacks with the right backup and restore solution. Here’s what you can do now to get started:

  1. Backup data as frequently as necessary, depending on the criticality of the objects
  2. Run restore tests regularly to identify any potential roadblocks to a speedy and effective data restoration
  3. Visit to learn how we protect Salesforce data with the strongest security, power, control and governance available to the enterprise

To learn more about protecting SaaS data against ransomware attacks, get The State of SaaS Ransomware Attack Preparedness report today, watch the webinar New 2022 Report: The State of SaaS Ransomware Attack Preparedness, or visit

The research was conducted by Dimensional Research, an independent research firm specializing in enterprise technology. Independent sources of data stakeholders were invited to participate in an online survey. A variety of questions were asked on questions related to ransomware attacks, impacts, and security investments. Responses were captured between August 2 and August 9, 2022. A total of 157 qualified individuals completed the survey. All had decision making responsibility for data solutions for both IaaS and SaaS cloud environments. All worked for a company with more than 10,000 employees and more than 10% of their corporate data in cloud (IaaS or SaaS) environments.

The Author

Arnaud Treps

Arnaud Treps is the Chief Information Security Officer at Odaseva.

Leave a Reply