
9 Salesforce Security Threats You Need to Know About in 2024

By Elisa Mustonen

Branded content with WithSecure

Last year it became clearer that Salesforce, a beacon in the vast sea of enterprise tech, can be a blind spot when it comes to cybersecurity. AI-powered phishing attacks found new gateways beyond email, for example through cloud platforms such as Salesforce, and ransomware now strikes faster than ever, calling for early remediation.

In the Salesforce security sphere, there is much to learn from 2023. These nine areas will help you prepare for the year ahead, and if you want to delve deeper, download our eBook: Securing Salesforce: Know Your Responsibilities, Protect Your Data.

1. The Battle of AI

This would not be a 2023 review without AI, right? Unfortunately, AI has recently given an edge to cyber criminals with free tools like ChatGPT and paid ones like “FraudGPT”.

These platforms lower the barrier to entry for cybercrime, enabling rookies to execute advanced attacks. FraudGPT, in particular, excels at engineering spear-phishing campaigns, creating hacking tools, and abetting credit card fraud. Its ability to write harmful code, design elusive malware, and detect system weaknesses is particularly troubling.

These AI tools enhance the Phishing-as-a-Service (PhaaS) framework, equipping individuals with limited tech expertise to launch effective, large-scale phishing operations.

Conversely, AI is not new to cybersecurity solutions. For quite some time, advanced anti-malware tools have been using machine learning and extensive threat intelligence databases to identify and block malware and ransomware. And that AI kept getting stronger in 2023.

2. The Compound Effect of Security Gaps

A series of minor configuration errors can lead to significant breaches. In 2023, Brian Krebs’s investigative report revealed that misconfigured Salesforce settings have inadvertently granted guest access to sensitive data. This isn’t a flaw in Salesforce’s security but a misstep in configuring access rights, particularly when default settings allow more access than necessary.

Mitigation is straightforward: disable unwarranted external sharing and test access settings thoroughly. Neglecting the details carries significant risk. 
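One way to carry out the "test access settings" step is to compare what guest profiles can do against an explicit allowlist. The following is an added example, not code from this article, Salesforce, or WithSecure; the permission flag names mirror Salesforce's ObjectPermissions fields, while the profile names, the allowlist, and every row are constructed assumptions.

```python
# Added example: compare guest-profile object permissions against an allowlist.
# Flag names mirror Salesforce's ObjectPermissions fields; all data is constructed.
FLAGS = ("Read", "Create", "Edit", "Delete", "ViewAllRecords", "ModifyAllRecords")
HIGH_RISK = {"Edit", "Delete", "ViewAllRecords", "ModifyAllRecords"}

# Assumption: what this (hypothetical) public site legitimately needs.
APPROVED = {"Knowledge__kav": {"Read"}, "Case": {"Create"}}

# Constructed rows, shaped like an export of guest and internal profile permissions.
SAMPLE_ROWS = [
    {"Profile": "Help Site Guest", "UserType": "Guest",
     "SobjectType": "Knowledge__kav", "PermissionsRead": True},
    {"Profile": "Help Site Guest", "UserType": "Guest",
     "SobjectType": "Case", "PermissionsRead": True, "PermissionsCreate": True},
    {"Profile": "Help Site Guest", "UserType": "Guest",
     "SobjectType": "Contact", "PermissionsRead": True, "PermissionsEdit": True},
    {"Profile": "Standard User", "UserType": "Standard",
     "SobjectType": "Contact", "PermissionsRead": True, "PermissionsEdit": True},
]


def audit_guest_permissions(rows, approved=APPROVED):
    """Return sorted (severity, profile, object, permission) for unapproved guest access."""
    findings = []
    for row in rows:
        if row.get("UserType") != "Guest":
            continue  # only unauthenticated (guest) profiles are in scope
        allowed = approved.get(row["SobjectType"], set())
        for flag in FLAGS:
            # Anything granted but not explicitly approved is a finding.
            if row.get("Permissions" + flag) and flag not in allowed:
                severity = "HIGH" if flag in HIGH_RISK else "MEDIUM"
                findings.append((severity, row["Profile"], row["SobjectType"], flag))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_guest_permissions(SAMPLE_ROWS):
        print(*finding, sep="  ")
```

Objects missing from the allowlist are treated as fully unapproved, so a newly exposed object is reported by default rather than silently accepted.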

Organizations must prioritize time and resources for security maintenance, as small oversights can lead to major vulnerabilities in complex and evolving platforms like Salesforce.

With cloud platforms like Salesforce being accessed by a wide group of users – both internal and external – there are risks that can be hard to mitigate, such as the state of the possibly unknown device itself. What’s concerning (and slightly surprising) is the wide adoption of the bring-your-own-device (BYOD) approach, with a whopping 64% of organizations allowing it according to our survey. When users connect to Salesforce from unmanaged and potentially infected devices, risks rise.

3. The Persistent Threat of Phishing: Beyond the Inbox

Traditional email defenses have been fortified, pushing phishing attackers to seek new points of entry. In 2023, more and more phishing attacks leveraged public-facing apps.

This is a stark reminder that phishing transcends email, extending its threat into several facets of our digital infrastructure. Salesforce, among other cloud applications and platforms, is becoming the next fertile ground for attackers' deceptive plots. Any external-facing use case on Salesforce is a potential backdoor.

4. Accelerating Threats: The New Pace of Ransomware Attacks

Ransomware has evolved from being confined to malicious downloads on compromised websites to a global threat targeting critical services and corporate information. The impact of such attacks can be devastating, costing businesses heavily in downtime, recovery, forensics, system upgrades, compensation, and legal challenges. 

A new dimension of urgency has emerged in the cybersecurity landscape. According to IBM’s X-Force Threat Intelligence Index 2023 report, the time to execute ransomware attacks has drastically reduced by 94% over the last few years. Attacks that historically unfolded over months now unravel in days, sharpening the threat against enterprises.

This rapid pace underscores a critical vulnerability – the window for detecting and responding to attacks is shrinking. Now, more than ever, it’s imperative for organizations, especially those targeted by sophisticated cybercriminals, to adopt a proactive stance. The Salesforce cloud, as a primary entry point and data repository, demands defenses against these swiftly advancing threats.

5. Visibility: The Foundation of Security

A survey of nearly 300 companies using Salesforce has revealed an unsettling truth: the majority of the respondents are unable to confirm the absence of security incidents within the past year. This lack of clarity and the linked lack of malware scanning paint a picture of potential unseen threats.

By default, Salesforce does not provide visibility into potential cyber threats within the system. Without visibility, there can be no certainty in our knowledge. Good cybersecurity always starts with visibility.

6. A Cautionary Tale

In 2023, we had an urgent customer case, where a cyberattack compromised the entire IT infrastructure of a pharmaceutical company, including Salesforce. With limited understanding of the breach, the security team had to freeze all cloud systems.

Imagine this scenario for your company. What would the impact be? The cost – halted operations, lost business, and recovery efforts – would likely be substantial.

In response, the company engaged an external security consultancy for a swift resolution. Salesforce recommended WithSecure Cloud Protection for a malware and threat scan. A significant factor for this recommendation was the solution’s ultra-fast “click-and-go” deployment, enabling a scan of the potentially compromised environment on the same day.

It was found that no malware had been delivered via Salesforce, allowing the system to be safely reinstated. However, the company recognized the real risk and the need for constant vigilance, not just reactive measures during incidents.

7. ‘Big Game’ Hunting in Cybersecurity

Cyber attackers target anything with value, and in their eyes data is money. The top targets are the biggest ones out there, with the potential of significant bounties for the attackers. In 2023, firms like Dish Network, ScanSource, ABB, and AvidXchange became targets of ‘Big Game’ ransomware attacks, according to a Cybersecurity Ventures report. These incidents emphasize the importance of safeguarding large enterprises across the attack surface, including the Salesforce cloud.

8. Ignorance Is Not Bliss

Sometimes, attacks may persist for years before detection, as with Samsung in 2023. Hackers accessed personal data through a vulnerability in a third-party business application. The breach, lasting from July 1, 2019 to June 30, 2020, wasn’t discovered until November 13, 2023. While no financial details or passwords were compromised, the incident was still reported to the UK’s ICO, marking Samsung’s third disclosed breach in two years.

No system is impervious to attacks, not even those of the largest and most advanced global players. Besides prevention, the ability to respond, which begins with visibility and investigative capabilities, is vital.

Cloud platforms like Salesforce often represent a blind spot in cyber visibility, lacking built-in capabilities to track malware threats and phishing attacks.

9. Arrogance Is Expensive

The SEC has sued SolarWinds and its CISO, Timothy Brown, for poor cybersecurity practices, claiming discrepancies between the company’s public statements and its actual handling of cybersecurity policy violations and incidents. 

This case illustrates the costly consequences of such negligence – putting even more emphasis on not overlooking the details.

Beat Reactivity With Proactive Security in 2024

“The best defense is a good offense” is particularly true in cybersecurity. Faced with an accelerated threat landscape of expanded attack surfaces and more scalable attacks, enterprises must reinforce their Salesforce defenses. Small security oversights can lead to ripple effects in complex and evolving platforms like Salesforce. Advanced threat detection and response systems to stop sophisticated malware and phishing attacks at Salesforce’s entry points are critical. 

Proactive measures can intercept threats before they reach the digital ecosystem’s core. In an era where cyber-attacks unfold in days, the robustness of your Salesforce security could be the deciding factor in preventing a digital crisis.

For 2024, make sure to:

  • Review your current Salesforce security risks.
  • Mitigate current risks.
  • Consider security at the early stages of your new Salesforce projects.

We at WithSecure can help you to understand your Salesforce security risks, and provide the tips and tools to mitigate them.

To get your Salesforce security knowledge up-to-date, we recommend checking out our eBook, Securing Salesforce: Know Your Responsibilities, Protect Your Data. It guides you in closing security gaps and safeguarding your data against cyber breaches with actionable advice.

The Author

Elisa Mustonen

Elisa is the Product Marketing Manager at WithSecure.
