4 Security Questions to Ask About Your Salesforce Application

Digital transformation and remote work have increased companies’ reliance on cloud-based applications. Threat actors are increasingly targeting these applications, like Salesforce, to extract sensitive data. To safeguard their business-critical cloud applications, Juan Pablo Perez-Etchegoyen, chief technology officer, Onapsis, discusses why IT teams need to answer four basic cybersecurity questions.

Enterprises today are increasingly reliant on business-critical applications like Salesforce. In fact, more than 150,000 organizations across the globe trust this customer relationship management solution. Like many cloud-based applications, Salesforce has security features built into its platform, but if not configured correctly, the software can create security gaps. And bad actors can exploit these vulnerabilities to exfiltrate personally identifiable information, cause financial harm, damage brand equity, and more.

Moreover, the recent spate of high-profile security breaches has increased pressure on CISOs to improve their security posture. The attacks⁠—often launched from foreign soil and sometimes by nation-states⁠—have hit a wide variety of businesses, from meat processors to healthcare systems and everything in between. Corporate boardrooms and stakeholders are starting to pay more attention to enterprises’ security practices. Pressure trickles down, and CISOs are being asked more questions about cybersecurity.

To avoid becoming the victim of a ransomware attack, data breach, or other cyber incident, CISOs need to look at their business-critical cloud applications, like Salesforce, and consider several basic questions: Who are the superusers in the organization? What happens if a user acts in a way that’s not in accordance with their role? How do I protect my organization against attacks that exploit security lapses in third-party vendors (which are becoming increasingly prevalent)? And if there is an incident, are we properly logging, responding, and remediating the event?

To help address these considerations, let’s examine them in more detail and discuss best practices for protecting an interconnected, intelligent enterprise.

1) Who Are the Users With Excessive Privileges?

According to the 2021 Verizon Data Breach Investigations Report, the most common cause of data breaches is users with excessive privileges who mishandle data. An example of excessive privileges in Salesforce might be user profiles with the “without sharing” keyword. Misconfiguring this setting could provide users with access to more contacts and confidential information than the user should be allowed to view.

For Salesforce customers, abuses can be curtailed if companies ensure that their users are set to the least privileged authorizations. Organizations should focus on identifying users with excessive privileges, like the ability to view all data or manage all users’ permissions, and then restrict this group to system administrators. Because of the risk associated with administrator accounts, they should only be used when necessary. 

And no one person should be completely responsible for the entire administrative process. Segregation of duties is important not just for preventing fraud. It also protects the company if the only person who has the administrator profile credentials falls ill or leaves the business on bad terms. 
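One way to run the review described in this section, as an added example that is not part of the original article: export permission assignments with the SOQL shown, then flag non-administrators who hold high-risk permissions and check whether only one administrator exists. The sample rows are constructed and flattened for brevity, and the admin profile name and the row layout are assumptions.

```python
# SOQL to export the input; a profile's permissions appear here too, as its
# profile-owned permission set (IsOwnedByProfile = true).
SOQL = """
SELECT Assignee.Username, Assignee.Profile.Name, PermissionSet.Label,
       PermissionSet.IsOwnedByProfile, PermissionSet.PermissionsViewAllData,
       PermissionSet.PermissionsModifyAllData, PermissionSet.PermissionsManageUsers
FROM PermissionSetAssignment WHERE Assignee.IsActive = true
"""
# View All Data and Manage Users are the two named in the text; Modify All Data
# is added here as the write-side counterpart.
HIGH_RISK = ("ViewAllData", "ModifyAllData", "ManageUsers")
ADMIN_PROFILE = "System Administrator"  # assumption: name of the org's admin profile

def row(user, profile, source, *perms):
    """Build one flattened result row (constructed sample data, not real output)."""
    return {"user": user, "profile": profile, "source": source, "perms": set(perms)}

SAMPLE_ROWS = [
    row("admin@example.com", "System Administrator", "profile", *HIGH_RISK),
    row("sales.rep@example.com", "Standard User", "profile"),
    row("sales.rep@example.com", "Standard User", "Reporting Power Users", "ViewAllData"),
    row("helpdesk@example.com", "Support User", "Helpdesk Tools", "ManageUsers"),
    row("intern@example.com", "Standard User", "profile"),
]

def audit(rows, admin_profile=ADMIN_PROFILE):
    """Return (findings, admins). findings: non-admin user -> {permission: grantors}."""
    findings, admins = {}, set()
    for r in rows:
        if r["profile"] == admin_profile:
            admins.add(r["user"])
            continue
        for perm in sorted(r["perms"] & set(HIGH_RISK)):
            findings.setdefault(r["user"], {}).setdefault(perm, set()).add(r["source"])
    return findings, admins

def report(rows):
    """Render findings, plus a warning when fewer than two admins exist."""
    findings, admins = audit(rows)
    lines = [f"EXCESSIVE {u}: {p} via {', '.join(sorted(s))}"
             for u in sorted(findings) for p, s in sorted(findings[u].items())]
    if len(admins) < 2:
        lines.append(f"ADMIN-COVERAGE: {len(admins)} active administrator account(s)")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ROWS)))
```

Each finding names the permission set or profile that grants the permission, so the fix is to remove that assignment rather than to edit the user.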

2) What Would Happen If a Legitimate User Started Acting in a Suspicious Way?

Unusual activity from a superuser could be a sign that a user’s identity has been compromised or that an employee has gone rogue. In today’s work environment, remote office locations and cloud-based applications make it easier for threat actors to assume a legitimate user’s identity.

While companies have embraced the move to Salesforce and other software-as-a-service (SaaS) applications to improve employee productivity, many have neither stepped up security training for end users nor followed cybersecurity best practices. For example, many end users still click on malicious links or give away passwords in well-designed phishing exercises. To combat this issue, regular cybersecurity training should be provided to employees of all levels. Also consider that some remote employees may be using unsecured personal or public Wi-Fi.

From an operational standpoint, many enterprises aren’t following basic protocols to protect the business from rogue users. To limit the damage one malicious user can inflict, organizations should set up strong governance policies for data handling, including making sure that users can only act on behalf of other users for required business activities. In addition to setting user permissions to the lowest level required, organizations must continually monitor users’ activities against their roles and responsibilities. 

3) What Would Happen If a Threat Actor Gained Access to Sensitive Data Through a Poor Third-Party Integration?

Cybersecurity alerts and breaches from third-party software have dominated the headlines. SolarWinds, Accellion, and Kaseya are simply the latest names of third-party vendors that threat actors have used to penetrate enterprise defenses. 

The reason? Large enterprises have vast amounts of data that are attractive to cybercriminals. These businesses also share access to data and APIs with third-party vendors. Although Salesforce and other SaaS applications provide organizations with greater flexibility, the applications also create additional entry points for threat actors. If bad actors gain access to an enterprise through a third-party misconfiguration, they can immediately start to exfiltrate company information and demand ransom from an organization that desperately wants to keep its data private.  

As enterprises embrace the move to the cloud, more and more business-critical applications share sensitive data with other applications. With any security protocol, an organization is only as strong as its weakest link. In cloud applications, there is a shared responsibility model. While the cloud provider is responsible for the security of the cloud infrastructure, enterprises are responsible for the security of their data, application systems, and networks. Security teams are responsible for monitoring the enterprise’s risk from third-party applications that access their networks.

4) What Would Happen If Your Incident Log Is Not Properly Configured?

While most businesses hope that they won’t be the target of a security incident, prudent organizations have plans in place for the worst-case scenario. If the worst happens, having a reliable incident log is critical. A single well-maintained place for all audit logs, alerts, and other log types will allow the security team to quickly determine what led to the attack. An effective response to an incident protects data, safeguards the company’s brand reputation, and directly impacts the bottom line.

For a Better Security Posture, Be Proactive

A robust security posture should be proactive in nature and begin with the basics. While patch management is less of a concern with SaaS, ensuring proper user privileges for employees, practicing good password management, and conducting phishing simulation exercises are just some of the key practice areas to keep a company safe from security breaches. However, as enterprises continue to adopt and migrate to cloud applications, attack surfaces continue to expand. IT security leaders need to increase their vigilance, protecting the applications that contain the most important data, like Salesforce. 

Security teams should start by focusing on minimizing the damage that rogue superusers could do, protecting the organization from lax security protocols of third-party vendors, and maintaining proper logs in case the worst-case scenario happens and the company suffers a security incident. To help ease the burden, organizations should consider monitoring and application-specific security tools that help automate and streamline these tasks. 

Scans that are specifically designed for on-premises applications are likely ineffective against the risks and vulnerabilities of cloud-based applications. By proactively deploying security tools specifically designed to defend cloud applications, CISOs can protect their organization’s crucial applications like Salesforce against bad actors trying to steal or tamper with business-critical data.
