As the risk of cyber-attacks increases, understanding how to protect your Salesforce environment from malware becomes a priority. Salesforce's approach to security is based on the Shared Responsibility Model (SRM). This model can be somewhat intricate to understand. At its most basic level, Salesforce is responsible for securing its infrastructure and ecosystem. In addition, Salesforce offers several specialized, value-added security solutions, such as Salesforce Shield (for platform encryption, event monitoring, and audit reporting), Salesforce Data Mask (which enables admins and developers to mask sensitive data, such as personally identifiable information (PII) or sales revenue, in sandboxes), and the Salesforce Privacy Center (tools to help manage GDPR and PII governance).
However, under the SRM, Salesforce customers – administrators, architects, security teams, and users – must understand their responsibilities. Customers, for example, are responsible for protecting their data, using the right access controls and permission sets, and securing the objects within Salesforce.
Most importantly, in the area of data protection, Salesforce does not offer capabilities for detecting and preventing malware, ransomware or phishing links. Salesforce encourages customers to form a relationship with vendors, such as WithSecure Cloud Protection for Salesforce, to prevent malware and phishing attacks from occurring within their Salesforce environment.
How does malicious data get into Salesforce?
Salesforce has evolved extensively since its beginning as a sales automation platform in the 1990s. Today, it is used by over 150,000 organizations globally to manage sales and service organizations and to maintain customer relationship data. Users constantly import, share, store and export data files, attachments, URLs and QR codes associated with customers, partners, community members, and internal employees. Typical use cases for importing and exporting files include email-to-case, web-to-case, and third-party custom apps that allow users to upload documents. Each file and attachment uploaded to Salesforce opens the door to malware exposure, which can quickly propagate across the instance.
Malicious files, URLs and QR codes pose risks to Salesforce customers
The presence of malicious files is on the rise within Salesforce. These files contain or are conduits for ransomware, phishing exploits, viruses, worms, keyloggers, trojans, spyware, adware, etc. Between Q2 2023 and Q2 2024, there was a roughly 400% increase in malicious files found within Salesforce.
URLs and QR codes are increasingly the trigger point for malicious activity. To protect Salesforce users, WithSecure Cloud Protection for Salesforce scans hundreds of thousands of URLs each month. On average, 1.5% of URLs uploaded to Salesforce are malicious, and that percentage will likely grow in the future.
Case Study: An unprotected Salesforce instance leads to a Ransomware attack
An enterprise organization presented WithSecure Cloud Protection for Salesforce with a particular scenario they had experienced. In this scenario, an attacker leveraged Salesforce to infect the company’s network.
The attacker, posing as a customer, sent an email to the company to steal vital data. The email contained a malicious attachment. The enterprise user who received the email opened the attachment. That triggered a few exploits, leading to malware that infected the user's machine and installed a keylogger on the infected device. The attacker gained domain administrator access and launched a command-and-control PowerShell script, which deployed ransomware to hundreds of workstations within the company's local area network.
Had this enterprise been using WithSecure Cloud Protection for Salesforce, the preceding scenario would have been much different. WithSecure’s goal is to stop all attacks within the Salesforce cloud.
WithSecure Cloud Protection for Salesforce scans files and attachments. The following screenshot shows the File Protection Settings screen.
If malicious content is detected, WithSecure will quarantine the suspicious file attachments in a safe sandbox environment, as shown in the following screenshot.
WithSecure Cloud Protection for Salesforce: Designed with and for Salesforce
WithSecure Cloud Protection for Salesforce is a native application that runs in your Salesforce environment. The app prevents malicious, suspicious and disallowed content from entering your Salesforce environment via files, web links, QR codes and email messages.
WithSecure Cloud Protection for Salesforce focuses on mitigating advanced cyber threats on Salesforce. It:
- Provides real-time protection and instant visibility into your entire environment
- Works seamlessly with your customizations and workflows
- Fully complements the infrastructure security controls that Salesforce provides
WithSecure Cloud Protection for Salesforce meets the strict compliance requirements of modern enterprises and critical public sector organizations. It is an ideal choice for enhancing your Salesforce security.
WithSecure Cloud Protection for Salesforce was designed in collaboration with Salesforce.