Potential Russian cyberattacks demonstrate the need for heightened security

President of Russia Vladimir Putin prior to a military parade in Red Square in Moscow. Today’s columnist, Meredith Bell of AutoRABIT, offers three tips for companies looking to protect their operations from retaliatory cyberattacks from Russia. Sergey Pyatakov / Sputnik

The White House recently released a statement on cybersecurity warning of potential cyberattacks against businesses stemming from the conflict between Russia and Ukraine.

This action from the White House further underscores a trend started earlier this year when Microsoft alerted its client network to the discovery of a coordinated and novel malware attack originating in Ukraine and impacting numerous government entities and large enterprise organizations with a presence in the country.

Given the political destabilization erupting across the globe, these types of attacks are inevitable and cause for growing concern within every security and technology organization worldwide. Here are three ways technology leaders can protect their organizations:

  • Embrace multi-factor authentication.

Cybercriminals are most likely to target the access points of enterprise systems. Simple passwords, phishing attempts, and spoofed accounts give them easy and effective ways to gain access to sensitive data.

Multi-factor authentication requires an extra validation step when team members log into the system. This simple step can make the difference between compromising protected information and remaining secure against a cyberattack.

  • Lock down employee permissions.

For many organizations, Salesforce has become the largest repository of personally identifiable information (PII). Millions of sensitive records are stored within an average Salesforce org, making it a prime target for bad actors. The actions of a single Salesforce user can expose PII in ways that can cause material harm to enterprise companies, especially those operating in regulated industries. Taking the time to appropriately assign Salesforce permissions will limit an organization’s risk exposure.

But Salesforce doesn’t make this easy. Setting permissions at an individual user level has become so complex and time consuming that large organizations—ones that could add dozens of users daily—often take shortcuts, cloning the permissions of active users when creating new Salesforce user accounts. This means a small change in the permissions of a single user could unintentionally proliferate across the organization, enabling unauthorized users to expose data (intentionally or not).

A full audit of the company’s Salesforce user permissions can help identify where to tighten up processes and protect the organization’s data. New processes that clearly identify the permissions allowed for each role will prevent these issues from becoming an ongoing threat.
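The audit described above, sketched as an added example (not AutoRABIT's or Salesforce's code): it compares each user's effective permissions against a per-role allow-list and groups users who share the same excess, which is how permissions cloned from one over-privileged account show up. The role names, the baseline and the user rows are constructed, and the export format is an assumption.

```python
from collections import defaultdict

# Hypothetical per-role allow-list (the "permissions allowed for each role").
ROLE_BASELINE = {
    "Sales Rep": {"ApiEnabled", "RunReports"},
    "Sales Ops": {"ApiEnabled", "RunReports", "ExportReport"},
}

# Constructed sample export: (username, role, effective permissions).
USERS = [
    ("alice", "Sales Rep", {"ApiEnabled", "RunReports"}),
    ("bob", "Sales Rep", {"ApiEnabled", "RunReports", "ExportReport", "ViewAllData"}),
    ("carol", "Sales Rep", {"ApiEnabled", "RunReports", "ExportReport", "ViewAllData"}),
    ("dave", "Sales Rep", {"ApiEnabled", "RunReports", "ExportReport", "ViewAllData"}),
    ("erin", "Sales Ops", {"ApiEnabled", "RunReports", "ExportReport"}),
    ("frank", "Sales Ops", {"ApiEnabled", "ModifyAllData"}),
    ("gina", "Contractor", {"ApiEnabled"}),
]


def audit(users, baseline):
    """Return (clusters, unknown_role_users).

    clusters maps (role, frozenset(excess permissions)) -> sorted usernames.
    Several users sharing one excess set is consistent with an account that
    was cloned after its permissions drifted. Users whose role has no
    baseline are reported separately instead of being silently passed.
    """
    clusters = defaultdict(list)
    unknown = []
    for name, role, perms in users:
        if role not in baseline:
            unknown.append(name)
            continue
        excess = frozenset(perms - baseline[role])
        if excess:
            clusters[(role, excess)].append(name)
    return {k: sorted(v) for k, v in clusters.items()}, sorted(unknown)


def report(clusters):
    """One line per cluster, widest-spread excess first."""
    rows = sorted(clusters.items(), key=lambda kv: (-len(kv[1]), kv[0][0]))
    return [f"{role}: {', '.join(sorted(ex))} -> {', '.join(names)}"
            for (role, ex), names in rows]


if __name__ == "__main__":
    clusters, unknown = audit(USERS, ROLE_BASELINE)
    print("\n".join(report(clusters)))
    print("no baseline for:", ", ".join(unknown))
```
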

  • Ensure backup and recovery capabilities.

When I talk to clients, I also recommend auditing the records in their backup and recovery solutions. Data protection solutions have seen dramatic growth in adoption over the past 18 months, especially among enterprise organizations. As we’ve onboarded these large organizations we were surprised to discover that they were backing up malware along with their Salesforce data, metadata, and—crucially—the files attached to their Salesforce records.

But we shouldn’t have been surprised. Salesforce does nothing to alert its users to threats within their Salesforce orgs, and issues can remain undetected for years if the right code scanning processes aren’t implemented.

Companies should find a static code analysis tool to scan code, search for security vulnerabilities, and make recommendations for remediation. As an alternative, find an open-source code scanning tool and create a subset of rules appropriate for your Salesforce instance.

For those responsible for the security of an organization’s Salesforce org, it’s crucial to understand that Salesforce’s endless customizability is its greatest strength — but it's also a potential security threat. Implementing processes to lock down user permissions and clean up the codebase can serve as the difference between warding off the cyberattacks to come — or not.

Meredith Bell, chief executive officer, AutoRABIT
