Salesforce Vulnerability Could Affect Thousands, Cybersecurity Firm Claims


Varonis, a cybersecurity firm, claims to have discovered a vulnerability in Salesforce’s community services and cautions businesses that hackers may be able to steal critical information.

Through features like Q&A, partner portals, and forums, the Salesforce community allows organizations to interact and share information with workers, partners, customers, and others outside the organization.

According to Varonis, “misconfigurations” might “expose sensitive data to anybody on the Internet,” putting thousands of consumers at risk.

Varonis researcher Nitay Bachrach says, “A hostile attacker might use this misconfiguration to do reconnaissance on spear-phishing operations at the very least”.

“It has the potential to steal critical information about your company, its operations, clients, and partners in the worst-case scenario. Advanced attackers may acquire information from other services connected to your Salesforce account in some situations”.

Varonis claims to have discovered that “there are a huge number of publicly available Salesforce communities that are misconfigured and disclose sensitive data”.

Hackers could perform “reconnaissance” on misconfigured sites by searching for information about the company, such as users, items, and fields that publish people’s names and email addresses. In many circumstances, they can break into your system and steal information.

These public communities, according to the organization, “allow anonymous persons to query objects containing sensitive data like customer lists, support cases, and email address of an employee”.

Varonis has informed Salesforce of the discoveries and says it is trying to update the app to prevent admins from accidentally releasing information.

MFA is one of the simplest and most successful ways for organizations to protect their data from the majority of frequent cyberattacks. As a result, all Salesforce customers would be required to adopt MFA starting February 1, 2022.

However, as any CISO will tell you, enterprise security is a very competitive field, and MFA isn’t always emphasized. Organizations can no longer afford to ignore MFA and other important security techniques as the digital world becomes increasingly connected and complicated.

Although work-from-home security issues aren’t new, the number of attacks has risen

Employees with laptop access were already bringing their computers home and working on them throughout the evenings and weekends before COVID-19 quarantines and lockdowns. Attackers might use default or recycled passwords from hacked accounts to gain access to business systems, posing a security concern.

The trend is explained by Greg Poirier, the founder of Salesforce Partner CloudKettle and an expert in business security technology. “This isn’t a new security concern,” he said. “What’s new is that the number of attacks, and also the efforts and resources dedicated to security attacks on at-home employees, has greatly grown. People have been working much harder in the last year to exploit it. That is why it is more significant.”

Cyberattacks aim to take advantage of increasingly interconnected systems

Companies of all sizes – particularly large organizations – have progressively joined several cloud-based technologies in recent years to achieve a single perspective throughout the business. Data warehouses have become a popular new attack vector for hackers as a result of this trend.

Companies have reacted quickly by tightening security measures and best practices at every touchpoint (in part because of technologies like Mulesoft’s API Manager and Salesforce Shield, which protect businesses from common threats).

Security audits are becoming the norm

One area Poirier’s team constantly looks at while performing security audits for CloudKettle’s customers is data governance. Is there a daily governance policy in place? What is its structure? Or, more importantly, does it even exist? Customers hadn’t always considered it before this year.

“At the enterprise level, the security assessment process is improving dramatically,” he said. “It’s becoming a lot more considerate. Employees are sometimes more frustrated because, two years ago, they might have been able to add something like a browser plugin without any inspection, but now they can’t”.

Poirier said, “Our clients are knowledgeable enough today that they’re asking us for help with things like application whitelisting, updating authorization procedures, and having a really robust vendor security screening process”.

MFA addresses evolving threats

Multi-factor authentication provides an extra degree of protection to the login process by forcing users to confirm their identity using two or more pieces of evidence (factors).

At an ATM, we’ve all seen this: The first method of authentication is your physical card, and the second is your PIN. In the office, this can take the form of an authenticator app installed on a mobile device that generates a code that is entered during a system login.

MFA is one of the account security methods that can safeguard customers and companies as the security threats Poirier mentioned become more widespread.

Poirier said, “What you need to do is erect as many hurdles as humanly possible to prevent a compromise from taking place. And MFA is one among those speed bumps that can be simply and swiftly rolled out onto the road”.

Conclusion:

Companies should evaluate various developing tools and best practices to prevent data breaches as cybersecurity attacks become more complex. As businesses return to offices and workplaces, there is a renewed emphasis on ensuring the safety of both data and people. MFA is one of the easiest and most effective solutions to protect data and prevent unauthorized account access. Any organization may be future-ready by prioritizing it now.
