BSides Vancouver 2026

An increasing reliance on SaaS does not always come with the knowledge or motivation needed to secure these services. As businesses move away from on-premise systems, SaaS platforms are increasingly used for business-critical purposes, storing vital, sensitive company information. Organizations continue to underestimate SaaS breach risk, prioritizing ransomware defense while leaving critical SaaS exposures unaddressed.

But attackers have noticed, and they’re exploiting this blind spot.

Through a number of real-world case studies, including incidents involving Scattered Spider helpdesk takeovers, Salesforce-connected app compromises, malicious OAuth abuse, and a million-dollar BEC, we’ll dissect each campaign from initial access to root cause.

Attendees will see how these intrusions unfolded across platforms, threat actor groups, and techniques mapped to MITRE ATT&CK. Each case illustrates that SaaS is no longer a peripheral threat vector. It’s an attacker’s playground. You’ll leave with a better understanding of how these breaches occur, what defenders can learn from them, and practical steps to defend against the next wave of SaaS-native attacks.