Cybersecurity Unveiled: Understanding External and Internal Threats

Reading time: 10 min


  • 24/04/2023

In today's rapidly evolving digital landscape, the frequency and sophistication of cyber attacks continue to rise which poses a significant risk to organizations of all sizes.

A 2022 report by IBM found that the average cost of a data breach in the United States was $9.44 million, with critical infrastructure industries such as healthcare, finance and technology being the most commonly targeted.

Salesforce, as one of the leading cloud-based customer relationship management (CRM) platforms, is a prime target for cybercriminals seeking to exploit vulnerabilities and gain access to sensitive data. The company averages 6.74B MuleSoft integration transactions, 34.14M customer service conversations, 4.13B marketing messages and more — every 24 hours. The numbers speak for themselves, with a vast amount of data being processed, stored and transmitted through the Salesforce ecosystem. This level of activity underscores the need for strong security measures to protect against data breaches and other cyber threats.

It's important to note that although Salesforce offers essential infrastructure-level security measures like replication, backup, disaster recovery, encrypted network services and advanced threat detection, the ultimate responsibility for securing data and access controls lies with each individual company. While the benefits of utilizing cloud-based applications like Salesforce are significant, it's vital to recognize and address the potential security risks proactively.

The Importance of Differentiating External and Internal Threats

Differentiating external and internal threats is crucial in developing an effective cybersecurity strategy. This differentiation is especially important when considering the role that cloud-based applications play in today's business environment. As more companies move their data to the cloud, they'll need to ensure it's adequately protected with robust security measures.

While external threats pose a higher risk in terms of financial impact and are more common, internal threats can't be overlooked. In fact, malicious insiders accounted for 12% of breaches in 2022 — with an average cost of $4.18 million per incident. 

What Are External Threats?

External threats refer to cyber attacks that originate from outside an organization's network, typically from malicious actors or groups[1] who seek to exploit vulnerabilities and gain unauthorized access to sensitive data. Here are some examples of their attacks:

  1. Malware attacks: Malware, short for malicious software, is a type of software designed to harm a computer system or network. Malware can come in many forms, including viruses, Trojans and ransomware, and can cause significant damage to an organization's data and reputation.
  2. Phishing attacks: Phishing is a type of social engineering attack where an attacker poses as a legitimate entity, such as a bank or email provider, and sends fraudulent emails or messages to trick users into sharing sensitive information, such as login credentials. Phishing attacks are the most common way for attackers to gain unauthorized access to an organization's network.
  3. DDoS attacks: A distributed denial-of-service (DDoS) attack involves overwhelming a network or website with traffic to make it inaccessible to users. DDoS attacks are often launched by botnets, which are networks of infected computers that can be controlled remotely by attackers.
  4. Zero-day exploits: A zero-day exploit is a vulnerability in software that is unknown to the software vendor or cybersecurity community. Attackers can exploit these vulnerabilities to gain unauthorized access to an organization's network before a patch or fix is available.
  5. Supply chain attacks: A supply chain attack involves targeting a third-party vendor or supplier to gain access to an organization's network. These attacks can be difficult to detect as they're often not directly launched against an organization. Instead, attackers will exploit vulnerabilities within a third-party vendor or supplier's network and use that access to launch attacks against the client organization.

What Are Internal Threats?

Internal threats refer to cyber threats that come from within an organization, often involving authorized users who have access to the organization's network and data. Here are some examples:

  1. Insider attacks: These are typically carried out by employees who intentionally or unintentionally cause harm to an organization's systems or data. For example, a disgruntled employee may intentionally damage systems in order to cause downtime or prevent an organization from doing business. Or that worker might steal and release sensitive information which could prove even more costly than system downtime.
  2. Accidental data breaches: Breaches occur when employees unintentionally expose sensitive data, such as sending an email to the wrong recipient or failing to secure a device containing sensitive data. It's essential to provide training to employees to help them understand the importance of data security.
  3. Poor password management: Weak or easily accessible passwords can compromise an organization's security. For example, an employee might use the same password for multiple accounts, which can lead to a cascading breach across multiple systems.
  4. Privilege abuse: This occurs when an authorized user with elevated access misuses their privileges to harm the organization. For example, an IT administrator might abuse their access rights to install malware on the network.
  5. Negligent behavior: Refers to employees who disregard security policies and engage in risky behavior that can lead to a data breach. For example, an employee might use an unsecured public Wi-Fi network to access company data or leave a device containing sensitive data in a public place.

    Related resources

    WithSecure™ Cloud Protection for Salesforce

    WithSecure™ Salesforce Cloud Security for Salesforce Community Cloud, Sales Cloud and Service Cloud offers real-time protection from advanced viruses & malware.

    Read more

    Cyber Kill Chain

    Learn how cyber attackers can leverage vulnerabilities in Salesforce and how you can stop them.

    Read more

    WithSecure™ Cloud Protection for Salesforce

    WithSecure™ Cloud Protection for Salesforce is a powerful security solution designed to protect against advanced cyber threats, such as ransomware, zero-day malware, viruses, trojans and phishing links. Developed in collaboration with Salesforce, it complements the platform's native security capabilities, scans URLs every time they're clicked and is ISO 27001 and ISAE 3000 (SOC 2) certified. 

    Don't let cybercriminals steal your data and compromise your business. Get in touch with us today to learn more about our advanced cloud security solutions.