{"id":5942,"date":"2021-05-12T09:30:00","date_gmt":"2021-05-12T16:30:00","guid":{"rendered":"https:\/\/www.salesforce.com\/?p=5942"},"modified":"2021-05-12T09:30:00","modified_gmt":"2021-05-12T16:30:00","slug":"2021-raises-new-cybersecurity-issues-how-salesforce-is-mitigating-the-risks","status":"publish","type":"post","link":"https:\/\/www.salesforce.com\/au\/news\/stories\/2021-raises-new-cybersecurity-issues-how-salesforce-is-mitigating-the-risks\/","title":{"rendered":"2021 Raises New Cybersecurity Issues: How Salesforce Is Mitigating the Risks"},"content":{"rendered":"\n

Quick take: <\/strong>As corporate security breaches rise, Salesforce is working to protect customers by requiring multi-factor authentication beginning February 2022.<\/p>\n\n\n\n

\n\n\n\n

It\u2019s been a striking year for security breaches<\/a>, and weak or reused passwords are often the weakest link attackers love to exploit. <\/p>\n\n\n\n

Enabling multi-factor authentication (MFA) is one of the easiest, most effective actions businesses can take to secure their data against the majority of common cyberattacks. That\u2019s why, beginning February 1, 2022, Salesforce will require all customers to use MFA to access Salesforce products<\/a>. <\/p>\n\n\n\n

Though as any CISO can tell you, the competition for attention in enterprise security is fierce, and MFA doesn\u2019t always get prioritized. With the digital world becoming increasingly connected and complex, companies can no longer afford to leave MFA and other critical security strategies as an afterthought. <\/p>\n\n\n\n

Work-from-home security challenges aren\u2019t new, but the volume of attacks has increased<\/h2>\n\n\n\n

Before COVID-19 lockdowns and quarantines, employees with laptop access were already taking those laptops home and doing evening or weekend work. Security risks could arise from compromised home networks, or from attackers using default or recycled passwords from compromised accounts to gain access to work systems.  <\/p>\n\n\n\n

Greg Poirier, Founder of Salesforce Partner CloudKettle and an expert in business security tech, explains the trend. \u201cThat security issue is not new,\u201d he said. \u201cWhat is<\/em> new is that the volume of attacks and resources and efforts going into security attacks on at-home employees has increased significantly<\/a>. What’s happening is people are working way harder in the last year to exploit it. And that’s what makes it more important.\u201d<\/p>\n\n\n\n

What is<\/em> new is that the volume of attacks and resources and efforts going into security attacks on at-home employees has increased significantly.<\/span> What’s happening is people are working way harder in the last year to exploit it. And that’s what makes it more important.<\/p>Greg Poirier, Founder of Salesforce Partner CloudKettle<\/cite><\/blockquote>\n\n\n\n

Cyberattacks seek to exploit increasingly connected systems<\/h2>\n\n\n\n

In the last few years, companies of all sizes \u2013 and especially large enterprises \u2013 have increasingly connected multiple cloud-based solutions to get a unified view across the business. This shift has created a popular new attack vector for cybercriminals: data warehouses<\/a>. <\/p>\n\n\n\n

Companies have rapidly responded by increasing security protocols and best practices along every handoff (in part through tools like Mulesoft\u2019s API Manager<\/a> and Salesforce Shield<\/a>, which protect companies against common threats.)<\/p>\n\n\n\n

Rigorous security reviews are becoming standard<\/h2>\n\n\n\n

In the security audits CloudKettle does for its customers, one area Poirier\u2019s team always looks into is data governance. Do they have a daily governance policy? How is it structured? Or \u2013 does it even exist? Up until this year, customers hadn\u2019t always thought about it.<\/p>\n\n\n\n

\u201cThe regime around security reviews at the enterprise level is getting a lot better,\u201d he said. \u201cIt’s become much more thoughtful. Sometimes that\u2019s more frustrating for employees because two years ago, they might have been able to easily add something like a browser plugin without any oversight, and they can’t do that anymore.\u201d <\/p>\n\n\n\n

Poirier continued, \u201cOur clients are savvy enough now that they’re having us help them with things like application whitelisting, changing authorization protocols, and having a really good vendor security vetting process.\u201d <\/p>\n\n\n\n

Multi-factor authentication addresses evolving threats <\/h2>\n\n\n\n

MFA adds an extra layer of security to the login process by requiring users to verify their identity with two or more pieces of evidence (\u201cfactors\u201d). <\/p>\n\n\n\n

We\u2019re all familiar with what this looks like at an ATM: your physical card is the first form of authentication, and your PIN is the second. Put into practice in an office, this might look like an authenticator app installed on a mobile device which generates a code used during a system login.<\/p>\n\n\n\n

As the security threats that Poirier highlighted grow increasingly common, MFA is one of the account security measures that can protect customers and businesses. <\/p>\n\n\n\n

\u201cWhat you need to do is put as many barriers in the way of a compromise occurring as humanly possible. And MFA is one of those speed bumps that you can roll out onto the road pretty easily and quickly,\u201d said Poirier.<\/p>\n\n\n\n

“What you need to do is put as many barriers in the way of a compromise occurring as humanly possible. And MFA is one of those speed bumps that you can roll out onto the road pretty easily and quickly.”<\/p>Greg Poirier, Founder of Salesforce Partner CloudKettle<\/cite><\/blockquote>\n\n\n\n

Now, speed is the name of the game, and enablement materials can help get teams of thousands up and running quickly. <\/p>\n\n\n\n

There are a few considerations Poirier says to keep in mind when preparing for an MFA rollout, especially for global and enterprise customers: <\/p>\n\n\n\n