WithSecure’s Recommendations for Securing Salesforce in 2023

Reading time: 7 min


  • 29/11/2022

As we approach 2023, cyber security threats remain ever-present and pose a constant danger.

This year alone saw major attacks on company infrastructure from prolific threat groups and low-profile criminal gangs. While cyber attacks predominantly happen on traditional IT infrastructure, the rise in the usage of cloud systems due to remote work and other factors has provided bad actors with another potential point of entry - and Salesforce is no exception.

Our Securing Salesforce in 2023 report revealed that the top threats faced by IT professionals and administrators include data breaches, ransomware, and email threats. Another growing concern is cloud security for cloud-based platforms like Salesforce, the use of which has skyrocketed with the COVID-19 pandemic.

Cyber attacks cost companies billions in damages annually, and IT professionals are scrambling for preventive solutions. Administrators must take better cybersecurity measures to stay ahead of cybercriminals. Below, we discuss our recommendations to secure Salesforce against existing and upcoming cyber threats.

Securing Salesforce Against Cyber Threats

Monitor incoming threats to Salesforce

Phishing and ransomware are the top two cyber security threats that worry most IT professionals. While traditionally an email-borne threat, phishing has found its way to all modern communication channels, including Salesforce’s email-to-case and email-to-Chatter email flows. Cybercriminals also have various communication channels to infiltrate such as Slack and Chatter apps.

There are native Salesforce cyber security tools to address a large number of threats, but the platform lacks the native functionality to scan content upon upload and download. Further, cybercriminals have stepped up their game by using malicious URLs which become the initial vector for ransomware and phishing attacks. Our report showed that within six months, the volume of malicious files and URLs detected by our Salesforce Security solution increased by 250%, with an average of 57 malicious files or URLs per customer per month.

This is alarming, and we can’t stress enough the importance of using an advanced Salesforce security solution like WithSecure™ Cloud Protection for Salesforce that scans incoming and outgoing content in real-time to block malicious files and URLs.

Manage user and third-party app identity and access

Misconfigurations are common in any cloud environment. In Salesforce, users and apps are left with the default configuration settings, which usually grant a higher level of access beyond what’s required. Another case is when employees are permitted to purchase and implement add-ons without the knowledge or control of the IT department.

These seemingly innocent and empowering actions put organizations at risk by making it easy for attackers to target vulnerabilities. Almost a quarter of our survey respondents detected at least one targeted attack in the past 12 months, demonstrating the extent of cybercriminals’ activities.

Likewise, misconfigurations increase the risks of human error and threats from malicious insiders. As IT departments are often kept in the dark, they may be insufficiently prepared to prevent attacks since they cannot monitor vulnerabilities or vet new applications.

Managing system access is easier than you think and provides the most reliable quick wins. Enforce MFA (multi-factor authentication) for all users. Review user access levels and API integrations, and follow the least privilege approach when designating system access. This can be a slow process, but it’s a reliable way to reduce the cyber-attack surface.

You can also use Salesforce’s built-in security tools like Health Check and Optimizer, which highlight possible misconfigurations and loose access controls. 

Enable event monitoring

It’s impossible to prevent security threats if you can’t understand what’s happening within your Salesforce environment. IT administrators must be able to see how users and applications are accessing and interacting with your critical data.

You must maintain visibility into your Salesforce platform to protect it from malicious and accidental attacks from both external and internal sources. WithSecure™ Cloud Protection for Salesforce provides complete visibility to your Salesforce environment through graphical reports and rich analytics, allowing administrators to supervise user activity and quickly check your Salesforce file security status.

Do your due diligence

Supply chain attacks are a big concern for Salesforce security. With more than 3,400 third-party applications available, Salesforce is a highly customizable but also vulnerable platform. Every new third-party app exposes your organization to malicious threats that can come from vulnerable applications and compromised developer tools. And if you haven’t managed user access and continue to allow users to download apps, the threat compounds.

Before adding any app or integration, investigate whether the vendor is reliable and trustworthy. Check community ratings at the AppExchange store, require the vendor to provide evidence of being compliant with well-known security frameworks or standards such as ISO 27001 or SOC2, and look for updated reviews. Due diligence goes a long way towards preventing cyber attacks.

Wrapping Up

Protecting your Salesforce environment is essential. Compromised Salesforce data security doesn’t only jeopardize your organization, it also puts your customers’ sensitive information at risk, which could affect their trust and loyalty to your company.

Whatever Salesforce security strategy you have, don’t ignore advanced threat protection in your plans.  With WithSecure™ Cloud Protection for Salesforce you can ramp up your Salesforce cloud security and be ready to tackle any threats this 2023 with our solution.

Learn about Salesforce security threats and what you can do about them with our Securing Salesforce in 2023 report.

Get in touch for a free demonstration!

Complete the form, and we'll be in touch as soon as possible.

Vi behandlar de personuppgifter som du delar med oss ​​i enlighet med vår integritetspolicy för företag.