Video: Securing Your Salesforce Org to Avoid a Data Breach in 2025 | Duration: 3636s | Summary: Securing Your Salesforce Org to Avoid a Data Breach in 2025 | Chapters: Introduction and Welcome (5.04s), Newsletter and Events (189.485s), Agenda and Overview (300.785s), Salesforce Security Breach (342.61s), Social Engineering Fundamentals (817.31995s), Principle of Least Privilege (1489.78s), Security Audit Framework (1700.65s), Company-Wide Security Measures (1834.32s), Login Security Measures (2101.965s), Salesforce Shield Features (2326.59s), Advanced Security Measures (2563.605s), Evolving Security Landscape (2644.505s), AI Security Challenges (2885.76s), Final Security Recommendations (3131.38s)
Transcript for "Securing Your Salesforce Org to Avoid a Data Breach in 2025":
Alright. And good morning, good evening, good afternoon, wherever you are in the world. Welcome to this latest edition of Salesforce Ben webinars. This is Securing Your Salesforce Org to Avoid a Data Breach in 2025. Let's get into it. My name is Peter Chittum. If you had signed up for this, you may have been expecting to see Tim Combridge. Tim, I'm afraid, is not feeling well today, which is a bit of an understatement. So we all wish him well in getting better from what he's got. And so I'm stepping in for this webinar on Salesforce security. I'm the technical content director here at Salesforce Ben. And before we do anything, of course, the first thing I wanna do is thank our lovely sponsors, Odaseva. Odaseva is an enterprise data platform that secures and manages Salesforce data for organizations with complex data challenges. Large global companies rely on Odaseva to help them navigate the growth and security of their sensitive and critical data, ensuring business continuity, regulatory compliance, and unlocking the value of their data. Founded in 2012, it's designed and built specifically to meet the needs of large scale enterprises and supports more than 100,000,000 Salesforce users. Odaseva offers a wide range of security and data management solutions for Salesforce customers. On the security front, the platform is built on zero trust architecture. A zero trust architecture means that no user, network, or component is inherently trusted. Every access point is continuously verified. This approach assumes the recent social engineering and OAuth attacks will occur, and the technology ensures that even if a malicious actor obtained Salesforce credentials or tokens, they cannot freely access sensitive data or persist undetected. And as we're gonna talk about, that is a very, very useful tool to have in terms of what's going on today with security in the Salesforce world.
Now, let's talk a little bit about Salesforce Ben. At Salesforce Ben, many of you know us for our amazing blog and website. But did you know that there is so much more of Salesforce Ben to be had? First off, we've got a newsletter. That's right. You get Salesforce Ben delivered right to your email inbox every single day. You don't have to mess around with advertisements on the web or anything like that or pop-ups. You can just get a download of what the big topics are of the day. I should take that back. I don't think we send every single day. Most days of the week, you'll know. In any case, you can get the sign-up for the newsletter at the website. We also have events. And, of course, we have amazing virtual events like this. But if you're at a larger Salesforce event, often, we will have some in-person experiences as well, just like next week at Dreamforce. And if you are going to Dreamforce, please go check out the Salesforce Ben hub. It's about a five-minute walk from the Dreamforce campus. We, of course, also have a YouTube channel and a podcast. The podcast has been on hiatus, but we are in the process of looking at what we're going to do next with that. The YouTube channel is ticking along nicely, and we would love it if you go there, subscribe, and, of course, click on the bell so you can get notifications when we launch new videos. And with that, we do have one more small little thing we'd like to talk about, which is the Salesforce salary survey for 2025 and 2026. Now do you like money? I think we all do. It is what allows us to live the lives that we live. And, of course, understanding better what other people are doing and how they are being compensated in their work in Salesforce can be very valuable information. Whether you're working in the ecosystem or whether you're a recruiter or a hiring manager, it's all super useful information, but it's only useful if you go and fill out the survey.
So scan the QR code, take a few minutes and fill out the survey and let us know about your work experience. And with that, I think we're ready to jump into the topic. So this is the agenda today. First off, we're going to recap, you know, kind of the history of what's been going on in security. So, the different recent issues that have been going on that have really triggered us all to be heightening our security awareness in these past few months. Then we'll go through security fundamentals that you need to implement in your Salesforce org. We'll then talk about future proofing your Salesforce security. And then finally, a little bit of a section on artificial intelligence and what that might look like in the future as far as security goes. So quick recap on the security breach that we've all been watching. In May, the first instance of this was reported on. And what was reported on straight away was that this was related to social engineering attacks. Social engineering is simply when somebody is scamming you, but effectively impersonating somebody who you trust or sort of tricking you to trust them. That is social engineering. In June, it was reported that the technology culprit behind this was a modified Data Loader app. Again, social engineering was used here in order to get users to install a phony connected app for this fake Data Loader. In July, which I think is where probably this became much more visible and much more widely spread because there was a large data breach reported by a Salesforce customer. And in that instance, the impact there was 1,400,000 customers that were impacted by that breach. In August, the attacks started to be reported more frequently. And there were also reports through various outlets, including Google Threat Intelligence, to highlight what was going on with these.
There was a pretty major breach with the Salesloft Drift AppExchange app that then prompted Salesforce to remove it from AppExchange. So that was August. And then in September, more customers hit, and the FBI even stepped in to issue a flash warning around two specific groups. UNC6040 and UNC6395 are two separate groups that seem to have some overlapping relationship, but it became very clear that these groups were targeting both Salesforce orgs and Salesforce for data and then extortion. So, basically, you'll have seen that the theme here is that the attackers have been exploiting the connected app feature in Salesforce. And, specifically, the ability for an org to use a connected app without it actually being installed in the org. This has been a feature that's been around for a long, long time and has allowed for flexibility of connected apps. You can install them, an admin can go in and install them, but they will work if not installed, provided the admin doesn't turn off that feature. And then, of course, social engineering, where clearly somebody has been targeting Salesforce users. And, you know, I myself wrote in one of the articles that we published that to me, this looks like somebody is going out and finding out who are the Salesforce admins or super users at different Salesforce customers and then targeting them specifically. And I feel like this is worth mentioning on the social engineering side. You know, we all publish who we are in social media, and a really big place for us in business is LinkedIn. And many of us put our association with Salesforce in our LinkedIn profile because it's how we're gonna get our next job. It's a natural thing to do. It's something we should want to do. At the same time, that also makes that data available for somebody who wants to exploit it.
And so my suspicion is that probably these actors were just using the LinkedIn API to go and pull down employees of companies that had Salesforce somehow on their profile. So, you know, the reason I say that is because if you're listening to this, you're obviously working with Salesforce. Every Salesforce practitioner should consider themselves a target at this point for social engineering. I know that sounds scary, but I think it's really important for us to all just be aware of that. Now in response to this, Salesforce has taken some action. There was some very specific action they took around the OAuth 2.0 device flow, and that was a particular way of using connected apps. And as of, and this is about a month ago, you can no longer use the device flow that's not installed in your org. Remember I talked about you could use connected apps without being installed. So you could still use that connected app. You could still use it and install. But the minute you want to use the device flow, which is a particular form of authentication, it has to be installed. And if it's not, the device flow will not work. So that is a really good step in the right direction as far as hardening the OAuth 2.0 feature. In addition to that, Salesforce also took the step of removing the device flow option from both Data Loader and the Salesforce CLI. So it's good to see Salesforce taking some proactive steps to harden the security posture of the connected app feature. And I keep saying connected app. These are now called external apps, actually. I should correct myself. My decade long Salesforce experience just sort of comes out, and I use the original name for that. So, yeah. So it's good to see them taking steps to make sure that the connected app feature is improved as far as the security profile and also removing that device flow option from two really, really important tools for Salesforce admins and developers. Alright.
Incidentally, there's a help article for that on Salesforce called "Prepare for Connected App Usage Restriction Changes." Restrictions Change. Yeah. Anyway, so check out that help article. If you've had an integration or some connected app not working like you expected it to or like it used to, you may have encountered this hardening of posture that Salesforce has done. And also some very late breaking news as well. This is an article just from four days ago from The Record where it does look like Salesforce has started to provide support to customers that have been listed. One of the most recent developments is that customers who have had data exfiltrated have been posted on a website and basically said, we are going to, you know, you need to pay a ransom or we are going to release your data. So that's the extortion I talked about earlier. So we don't know the details of what the support is, but Salesforce have stepped in and seem to be working with all of those customers that have been listed in some way. Alright. So that's a lot of information. And frankly, it's even been hard for me to keep tabs on everything that's been going on in the developments in this particular story. But to really sum up, like, the brass tacks of what is going on here, the common denominator is social engineering. And there are some other terms that get used with this: phishing, vishing, smishing, you'll hear. And then the key technology that's being leveraged is connected app. So those are some things we should keep in mind as far as what's happening today. However, this is the thing. The reason social engineering and threat actors are so successful is that they are actively, every single day, seeking out new attack vectors to exploit anybody who's using the Internet. It's not personal. Frankly, they see it as their business. And so we should all see it as our business to be protecting ourselves as well.
So even though connected apps are the way that this particular exploit happened, the important thing is to prepare yourself and to set your expectations, like I said earlier, that you are a target. And that being the case, very important for you to also help your entire organization. And so, really, everybody should be not just concerned for themselves. But if you are in a leadership position in Salesforce, and, you know, essentially, that means admins and developers, and I think especially admins, because you are oftentimes the owner of Salesforce in your organization. You should be the person who is getting your stakeholders up to snuff as far as getting their security posture in place. And when we say stakeholders, we're gonna use that term in this whole presentation over and over again. What do we mean? We mean your end users, any external users, in other words, your customers who might be using, like, an Experience Cloud site, third party partners, and really anyone or any system that can touch your Salesforce org. You know, the people who are in charge of those systems, you have to think of those as your stakeholders, and you need to be all working together to ensure secure connections and secure interactions with Salesforce. So I talked about social engineering and some of the terminology around that. So what do some of those mean? Phishing, this is kind of the original term for this, where the idea was that you'd send an email. It would look like an authentic email from some organization that you work with, and the whole point of the email is to try and get you to provide personal information or secrets. You know, and I just wanna raise my hand here and say, you know, if you've ever fallen for this, like, seriously, you are not alone. You can be very technical. It can be, like, years working in technology. You know, the reason people fall for these is because they're very good at what they do. At least some of them are.
I can even tell a story once myself, you know, this is going back, this was, like, 2002, 2003. You know, an email came in. It came in from another employee of my company, and it had an attachment on it, and it looked like a text file. And that was how people passed around jokes at the time. And so I clicked on it, not realizing that it was, you know, whatever file dot txt. And then it was an executable in fact. So that basically kicked off and it went through and it emailed everybody in my organization, basically. And then a bunch of people, like, they opened it too because they were like, well, Peter wouldn't have clicked on that if that was, you know, a bad attachment. And so this is kind of how these things, you know, continue and propagate. So don't feel bad if you've fallen for it. Like, it can happen to anybody. Even as recently as a couple years ago, I very nearly entered in my Facebook credentials into what turned out to be a fake authorization page because it just looks so seamlessly like a Facebook authorization page. So these actors are really good at what they do. You know, you need to be on guard every single time you're interacting with whatever system you're working with, whether it's personal or business, and you need to be expecting people to be trying to steal information that they can then use to exploit either you or your business. It's just what it is. So there we go. That's phishing, the traditional way of doing this via email. Smishing is kind of the SMS version of this, and I think this is much more popular. I saw a really interesting statistic recently that SMS open rates are way more than email. And so yeah. Like, if you're a threat actor, why wouldn't you try getting somebody to click on a dodgy link? In fact, I just had one, like, yesterday that I looked at, trying to convince me that they were Her Majesty's or His Majesty's Revenue and Customs in the UK, where I live.
So, like, seriously, it's everywhere. Vishing is voice impersonation, and I think this is one that we're gonna see more and more and more as things like deepfakes become very easy to scale with modern AI. And I said, in fact, I just had a conversation with some of my relatives last night because my voice is out on the Internet everywhere. I've been doing this for years. So I've actually started to come up with passwords for certain of my relatives so that if anybody were to ever phone them or send them an email or send them a message that sounded like me, they would have a word that they could ask for. And if that person couldn't supply that word, they would know it's fake. And finally, in-person attacks are absolutely a thing. You know, it sounds a bit crazy, but, you know, if you have a physical actor that can go into a physical space and trick, you know, one of the people who has high access to a system, you know, people do it. I heard a really amazing story once about some white hat hackers that were red teaming. And they went in and they actually managed to get the CEO of this company to stick a thumb drive into his laptop, which, of course, had an exploit in it. There's some malware that was then downloaded. So absolutely, in-person attacks definitely happen too. So how do you stay on top of all of this? I think, you know, it could be scary. And hopefully, I am scaring people a little bit, but hopefully, we'll also give you some solutions to go with here. You know, one thing that I do wanna share is that Salesforce has regularly been updating and trying to keep on top of this and keep customers informed of what's going on. For instance, with this change in the connected apps, they communicated that quite well, and there is a help page for that. Salesforce Ben as well. So we at Salesforce Ben have been also trying to keep everyone up to date on this.
This was an article that we had Tom Bassett put together. You know, if you're a Salesforce admin and you want to understand how to react to this particular breach, this article gives some great advice for how to do that. We also have a continuously updating article called the Salesforce data theft roundup. And here, as new information and news is developing, we are updating this article with kind of the chronology of what's been going on. And then finally, this one just went out last week. This one by Beechorn is a fantastic, yeah, a really good article to help you understand how to make standard permission sets more secure. It's really good, and it goes through some really good best practices around using muting permission sets. So I checked all of those out as far as, you know, are you doing what you can to protect yourself? Okay. So let's go through some security fundamentals. Hopefully, most of you know most of these, but maybe you'll learn something as we go through. First of all, I do wanna talk about the shared responsibility model. This is really important because it is a foundational principle upon which Salesforce provides security, which is to say that Salesforce is responsible for making sure that the infrastructure, the broader infrastructure, is monitored, the firewall, the features, that there are security features. Right? So Salesforce does have a duty of care to make sure that you as the customer have the tools that you need and the bits that you don't touch are themselves secure as well. And you'd have to say that given what's been going on, Salesforce has been maintaining that duty of care and then making adjustments where they feel like they could improve that duty of care. So as a customer, that means that you need to ensure that you have secure environment configurations, IP restrictions for users, design and implementation of your org, integrations, and pretty much everything else.
Anything that you have control over, whether it's a setting or a profile or permission set, custom permissions, you know, like, all of those, and then also, you know, your workforce being prepared to have a good security posture. All of those are the customer's responsibility from the shared responsibility model. There are numerous articles on this in Salesforce help. If you just search Salesforce shared security model, go check those out because they give really good guidance as to what are the things that you should be thinking of to make sure that you're holding up your end of the bargain as a Salesforce customer in this shared security model. Next thing is the principle of least privilege. Now this just simply states that if a user is compromised, that the damage, the blast radius, as they say, is gonna be minimal for that. So how do you limit the damage? And this says if a user is compromised; you could argue, you know, when a user is compromised. You know, like we said, you know, we should expect all of us that we are targets. Alright. So first thing, don't use profiles. You know, if your profiles have permissions removed from them, that means you can never give too much permissions just by giving a profile. That's really important given that profiles are a requirement for a user. Every user has to have a profile. You don't want to be forced to give them a profile that grants more permission than they have to. From there, you can create more granular permissions, sorry, permission sets and permission set groups. And this allows you to then organize your permissions on the mode of access for the actual users and ensure that each set of users is accessing the right resources in Salesforce.
And then finally, make sure you go through the work, because it is work, of setting up your role hierarchy, your sharing rules, and, you know, wherever it makes sense to, you know, if you do have a custom object or a standard object that has sensitive data in it that you would want to minimize, you know, what was leaked, then you should really consider using the private org-wide default for that. And then, you know, then you have to re-enable access. That's how sharing works: you basically cut it off and then you enable it at a more granular level using your role hierarchy, sharing rules, et cetera. Right? So it takes planning. It takes work. It takes, you know, kind of diligently mapping out who's gonna get access to what. But if you are concerned about data access and security and protecting yourself from a threat like this, you know, you have to ask yourself, you know, where do you want to do the work? Do you want to do the work on the cleanup side or do you want to do the work on the setup side? And finally, and this is really important and good for me to remember as well because when I started, these didn't exist. But external user privacy is something that you need to pay careful attention to. In fact, there was even a recent update that was rolled out in the Winter '26, or I guess is about to be rolled out in the Winter '26 release. When it comes to Apex sharing and the roles and subordinates sharing groups, there are some new ones that you have to make sure are set correctly in your Apex managed sharing code. So something to check out there. Alright. One thing that you can also do is develop a framework around security audit. Right? So remember, security is never fire and forget. You can't just turn it on and then walk away and hope that it will always be secure. These things are constantly evolving.
Some things that you should be looking at on a regular basis are inactive users and number of system administrators. Remember we talked about how, you know, everybody has to have a profile. You need to have some system administrators. You may not need as many as you actually have. So that would be something to keep in mind and consider. You know, does that person who maybe has moved to another part of the organization, do they still need to be a system administrator? You know, you should really ask that question and then act accordingly. Doing a permission check. So, you know, are you following the principle of least privilege? I talked about the roles and subordinate sharing group release update in the last slide. Right? You know, those release updates are constantly coming out from Salesforce. Those should be part of your project backlog to make sure that you update those. A lot of those tend to be security oriented. Making sure that you get those in place and also don't break the org for your users, that takes time and preparation. So make sure you work those into your project process. I'll mention Salesforce Shield here. I'm gonna come back to this, but Salesforce Shield has a lot of enhanced security tools that are available to you. And then you need to think about any AI features that you're building and their access to data. You know, your agents, you know, are users too for all intents and purposes. So make sure that they are configured as well so that they don't have access to more data than they should. And there we go. So, company wide, and this is hard because you may be a solo Salesforce admin in a large company. Getting the attention of your whole business, you know, that might be a challenge. At the same time, you may already have somebody in your business who is trying to tackle security.
And if they find a partner in you, that might actually help you be more successful in some of these things we're going to suggest. But definitely expect the worst, plan for the worst, and then at least, you know, when the worst does happen, you know that you've prepared as best you can. You know, if you can, you know, you would hope that every company has a blame free postmortem process. Probably not every company does. And so, you know, in case something were to happen, you know, the thing that you would want to be able to do is to be able to go back and show documentation that you took steps, you know, within what you were able to do, to ensure that, you know, the breach was contained in the most efficient way possible and that the least amount of damage was done. And in the end, like, that's all you can do. Again, you know, like I said, we're all being targeted at this point. So who has access to different systems across your organization? You know, just kind of like you did the security audit of your Salesforce, you know, as a company, this is something that should be pretty well understood. And there are systems that allow you to do this if you are the bigger company. You know, certainly getting Salesforce onto those systems is useful to do. And again, you know, this is beyond Salesforce, but device security policies. You know, are you on a bring your own device plan for your mobile phone? Are you provided a mobile phone by your company? You know, if you're on a BYOD plan, you know, is your drive encrypted? You know, do you have to install mobile device management? Are you staying up to date on software updates? You know, do you have a ten year old Android phone, you know, running Jelly Bean version of Android OS? You know, you're probably not secure on that device. And so looking for those kinds of potential risks is something that you should do for devices as well.
And then giving your stakeholders the understanding of what their responsibilities are and what procedures. You know, do they know, if they get exploited, who do they contact? You know, and, you know, I can share my experience working for a very large cloud computing provider that we all know. You know, there is an email address that everybody knows. If something happens that is security oriented, you just email that email address and somebody will be on the other end to pick that up and help you out. You know, is it that easy for you at your company to get access to your security specialists? Does everybody go through security and compliance awareness training? Do you red team your employees? Again, I've also worked for companies where, you know, a few times every year, we get a little present in our email inbox in the form of a phishing email that was actually sent by our company to see if we would fall for it. You know, like, this is a really good practice. It trains your employees to think about security every day. And to ask that question, is that email real? And even though I got good enough that I could pick out the ones that were from my employer, you know, that also taught me to just get better at picking out emails that look like they could be exploits. So login security. Right? So, of course, making sure that your login process is secure is super important. Right? So this is probably, you know, I would say one of the most important things that you can do to mitigate this kind of attack that happened. You know, because, you know, what was essentially happening is people were socially engineered to provide a login to somebody who was, you know, operating an application from another location.
Now if you are on a VPN or inside your company's network and that network has restricted IP ranges set in Salesforce, that means it's a lot harder for that threat actor to actually use your authenticated session to access Salesforce because they won't be coming from the right IP address. Now, obviously, they could maybe get access to your VPN. I mean, that would be very bad. That's a whole separate thing. You know, so it's not like, you know, even there, it's not 100%. But, you know, certainly if I had, for example, fallen for this and accidentally signed them on and they had their remote version of this fake Data Loader app that they were then gonna start using to exfiltrate, the minute they tried to connect from outside of the IP range, it would have failed. So something to be aware of. You can do this, but it does require setup. Especially if you have a remote working environment, you need to make sure that all of your remote workers have a VPN and that the IP addresses for that VPN are known, so that you can then do the IP address whitelisting. So it takes a little bit of work to make this work for you. Restricting login hours. You know, some of us, you know, I work flexibly, and so sometimes I'll pop into our Salesforce and, you know, do like a content review if I'm sort of bored, you know, in an evening, and I've got to do a little bit of catch up. Right? But in a lot of cases, your workers, your users do not need access to Salesforce outside of their working hours. So why not just set up login hour restrictions? And that way, you can ensure that, you know, outside of the times when you know your workers should be working, if activity is happening, that could be a red flag right there. Make sure you set your password policies. There's a lot that you can do with this. Yeah. You can change how many historic passwords, password reset frequency, complexity requirements.
So all those things can be configured. Centralized access control for not just Salesforce, but for all of your enterprise applications. And so it's a great way of ensuring that also you can turn that off if somebody is compromised. You know? So again, that scenario, let's say, I accidentally give access. I realize it. I contact my security folks, and I say, I'm really sorry. I accidentally let this go. Boom. They can turn off access for you as a user to everything across, you know, across their enterprise systems. And that's a good thing. You know, that's mitigating the damage once the mistake happens. Alright. So future proofing. Probably one of the best ways that you can do this is Salesforce Shield, to be honest. Salesforce Shield has a number of different features, but, you know, there are a couple of features that are free, but mostly it's a paid additional feature set. And they are all about security and compliance. So the first one's platform encryption. To be honest, you know, the basic form of platform encryption would not have helped in the case of these attacks. There are some more advanced ones, with your own private, you know, if you are using a bring your own key, you can definitely dial up platform encryption so that, you know, the threat actor would be thwarted in that case. But, so the platform encryption may or may not be a protection depending on how far you wanna go. Yeah. And I would say the more you go, then the more challenging it can become to use it. So it's something you have to weigh. Yeah. And actually, I will mention, we do have a video that should be coming out pretty soon that covers platform encryption. Alright. Field audit trail. Field audit trail is a way of extending field history. It gives you the ability to have some more fields per object. With field history, it's 20. With field audit trail, by default, it's 60.
But you can actually call your AE and, you know, kind of harangue them a little bit and they can actually get it put up to 100 if you want. Data Detect is a newer feature. It wasn't part of the original four parts of Salesforce Shield. But Data Detect is a machine-learning-driven pattern-matching feature. And what it does is you can run a scan and it'll look for sensitive data in unexpected places. So, you know, maybe somebody has popped someone's social security number into a description field just temporarily until they could put it into the right place. And then they forgot and they left it in there. That's sensitive personally identifying information in a place where it shouldn't be. Data Detect can help you find those. Data Mask and Seed for sandboxes. Again, this is also a relatively new feature, but this is a feature that allows you to ensure that when your data get brought over into a sandbox, you can mask sensitive personally identifying information in those sandboxes, which is important because if a data breach happens on a sandbox, it's still a data breach. You know, there's no defense in saying, like, well, it was a sandbox. You know, your customer isn't gonna care. You know, any organizations that you're, you know, seeking to maintain compliance with, they're not gonna care. You know, so make sure your sandbox data is also secured. And then finally, Event Monitoring, which we wanna talk a little bit more about, because there is a wealth of functionality in Event Monitoring that is worth going through. Event Monitoring basically uses the platform events feature to look for certain things that can occur in your org and then send notifications using the event bus. So things like who viewed what data, when did they view it, where was the data accessed, when was it changed. You can even do things like, you know, was it accessed from a report, for instance, and you can control that.
Where are people logging in from? There's also some advanced analytics on reports as well that you can do. Oh, yeah. Here we go. So users viewing and exporting reports, session hijacking attacks, and then credential stuffing attacks. So these are all things where you can use Salesforce Shield Event Monitoring to notify you of any behavior that looks like these things. Backup and disaster recovery. And that's just so secure it. Right? So make sure that you have secured your backup and disaster recovery data. Right? Again, just like your sandbox, if somebody says, well, they stole a backup, like, that's still leaked data. That is unfortunately not going to reassure anybody that it was stolen from the backup, but you need to make sure that you have done that. So, yeah, customer data is customer data regardless of where it's from. You know, obviously, secured in production, but make sure that your backup, your sandboxes, they all have that same security posture as well. And, yeah, there have been plenty of instances where the breach happened because the nonproduction environment was insecure, in fact. And then, you know, there's a great quote that, you know, used to go around when I worked with the Trailhead team at Salesforce, and that is, there's no finish line for rad. Right? So that was kind of a joke of, like, how do you keep doing, like, fun cool things? But I think it's true for security as well. You know, threats continue to evolve and we said this earlier as well. Right? So just because this is what the threat looks like today, you know, you shouldn't let yourself get lulled into a false sense of security. You know, like, all of these features we've talked about today are there specifically because you don't know what the next threat is going to look like necessarily. And so, using the tools allows you to sometimes prevent, and then other times, you know, if the breach happens, to mitigate and minimize the damage of that threat.
So, some things that you can do is to learn about what different kinds of vulnerabilities look like. There are great training programs. The whole infosec ecosystem are super active on social media, and there are great podcasts and blogs about information security. And even if you never yourself want to be an infosec specialist, starting to follow those information sources and learn from them is something I think can benefit anybody. I myself, like, I've started to follow a set of podcasts called the CISO Series podcast, and they have a weekly roundup that I've been finding super useful. You know, it's about a half an hour of my time each week and I kind of get a download for what's going on in information security this week. Train your stakeholders and push for training your stakeholders. Train up your reporting chain as well as down. You know, it can be very easy in leadership to overlook something that is as important as security because it sort of feels like something, you know, I think for, you know, whatever reason, we tend to treat it as something that is sort of a, you know, well, somebody else is gonna do that or it's nice to have or it's something we have to do as well as the work. You know, security information infrastructure is the foundation of all the business that we do. And secure information infrastructure is what makes that continue to function. So it's something that we all need to remember and help our colleagues remember as well. And if you can make it so that, you know, if you own Salesforce, you know, you actually have a little bit of a bully pulpit to go out to your users and make sure that at least those stakeholders are acting and, you know, using technology in the most secure way possible. And then always look for new tools. There's always new ways to detect threats as well as new threats. And so understanding what those look like is really important, which brings us to artificial intelligence.
Now certainly, AI is a new tool for all of us and that goes for threat actors as well. 100%. If anything, it's gonna be easier. It's gonna be more turnkey. It's gonna take less technical skill to become a security threat actor with the current progression of what's going on in AI today. So as powerful as the tools have been, they're only gonna get more powerful and become accessible to more people. So, different ways that this can take the form are things like adversarial attacks. You know? So, it could be that algorithms may try to use malicious prompts and produce some kind of harmful outcome on actual AI functionality. There's something called the prompt injection attack, and this is something that actually was just reported on recently for, I believe, an Agentforce instance, where they used Web-to-Lead to stuff some prompt injection into the lead form that would then get interpreted into the prompt. And there were a few other things that had to be in place to make that happen. You know, but, like, this is definitely a concern. And then data poisoning is a thing as well. So this would be where, this is kind of a sort of supply chain attack where if you can get to the data that is being used to train a model, then it's possible you can get that model to do something malicious on your behalf. So that is definitely something that is being tried as we speak. Alright. So these days, security may not be what you think and, of course, you know, the risks come from both the outside world and from within your organization. So, you know, it's a huge list of things to be aware of. So AI-generated phishing content, deepfake voice impersonation, attackers leveraging AI for large-scale credential testing, generated code that then itself does an attack and that, you know, that could be in combination with that, sort of, data poisoning.
You know, if you can sort of poison the data to produce code that's going to, you know, allow the threat actor access, you know, definitely a possibility. The agent itself, if an attacker gets access, they could use the agent to sort of turn against the organization or if they have access to too much. And then, you know, of course, just more and more bots scraping experience sites, looking for vulnerabilities. And then, you know, I mentioned supply chain attacks, but, you know, that is definitely one as well. And as far as AI in Salesforce cybersecurity, you know, there is also an opportunity to turn AI to your benefit. You know, so leveraging AI to automate threat detection, you know, so for instance, the Shield Data Detect, for instance, is an example of using AI, sort of defensive offensive AI, if you will. Right? So going on the attack and looking for the actual exploits to happen. There are definitely things being done with advanced analytics to actually process, like, log data faster in order to more quickly identify threats. And then, of course, the Einstein Trust Layer is designed to prevent a lot of those things that we talked about. You know, it is not foolproof, 100%, at this point. I think it would be foolish for anyone to say that it is. But we know for a fact that Salesforce is doing their due diligence and everything they can to ensure that using Salesforce is not going to cause a kind of data breach. And then just to sort of put a final dot at the end of the sentence here, you know, what are some of the things that you should take away from this? You know, if you heard nothing else, what should you, you know, what should you make sure that you do as your next steps? So first of all, education. Educate yourself, obviously. Educate your stakeholders. Make sure that people are aware of the threat.
It can be very easy for people who are not focused in on what's going on in information technology and info security, information security, to not be really aware of what's going on. And so, you know, if your users are used to coming in, doing their job and going home, you may need to take the step to help them understand what the risks are. Mitigate the possible damage by making sure you followed good policies and procedures, and we went through a whole bunch of things from different security-oriented configurations in the setup menu, how to set up your profiles and permission sets, setting up your sharing rules, and, you know, and of course, making sure that you're using the right sharing roles and groups so you don't accidentally share too much to the wrong person. Innovate. Right? AI can also be a tool to protect you as well. So make sure that you are looking at what's the latest and greatest to be able to use the tools available to give yourself the best security posture possible. Make sure you use analytics and monitoring. And there are, you know, what I would say is there are definitely third party products that can help you do this and Salesforce, of course, has Shield itself to help with this. And always stay up to date with updates. It goes without saying, you know, the reason those updates happen is to make sure that, you know, things work, but also that new security exploits or new vulnerabilities are patched and removed from software. And there we go. So before we get to Q&A, just, you know, again, another welcome, sorry, another thank you to Odaseva. You know, and what they want you to, you know, think about is how can Odaseva help you protect against breaches before they happen? Well, since the threat landscape is constantly evolving, threats aren't just external anymore. They can come from inside of your own organization whether by accident or with malicious intent.
Odaseva supplements and strengthens native Salesforce security features and traditional security measures to fill those gaps, including protecting the most sensitive data. As one example, if an attacker gains credentials that allow them to access Salesforce data, they can only see redacted and tokenized data. The most sensitive information remains securely encrypted in an external vault completely out of attacker's reach. Odaseva is here to help you not just meet but exceed today's security standards and ensure your most valuable asset, your data, is protected for the future. If you'd like to learn more, scan the QR code and come and see Odaseva at Dreamforce or check out odaseva.com to register for their upcoming data innovation forum or read more about the social engineering attacks and how they help on the Odaseva blog. And with that, that brings us to our Q&A. And I would like to invite up on the stage here my colleague, Christine Marshall. She's been monitoring and keeping things under wraps as far as the Q&A. Dean, what do we have? We've got a few minutes to talk Q&A. Thanks, Peter. Well, we've been quite busy on the Q&A, answering a whole bunch of questions. We've talked about login hours and IP restrictions. We've talked a little bit about Odaseva as well and their software. One of the outstanding questions that we've had is recommendations for secure backup tools. Now, obviously, we're being sponsored today by Odaseva. That would be an obvious answer. I was thinking about this question in the background, and there are quite a few really good backup providers. And I think my input was going to be to make sure that you are looking at one of the high level backup providers because it's so much more than just backup. It's things like Yeah. Getting notified that something has gone wrong. It's the speed of restoration. Backup tools are not made equal. So doing your research and choosing one that's right for you is very important.
But I don't know if you've got any thoughts around that. No. I mean, I think, you know, you pretty much said it. You know, I could, you know, list a couple that come to mind, but, you know, I think, you know, the best thing that you can do is to do a little bit of due diligence yourself. You know, ask around to see what other colleagues are using for their backup providers. And I think this is a really great reason. If you can make it to community group meetings or to community conferences, it's a great way to connect with people and find out, you know, what are they doing to solve this problem. That's great. We have someone in the chat to say that maybe I have no audio. So, unfortunately, maybe only you can hear me. I'm not sure. Oh, no. Okay. Oh, no. Some other people can hear me, so we're okay for now. Okay. Okay. Great. Alright. Thanks for the reassurance. It looks like we got a couple more minutes. So, is there anything else we want to kinda bring out in discussion before we wrap this up? We've answered most of the questions that we've had from standout question that you thought was pretty, like, interesting? Or I thought that, yes. There was actually, and it wasn't, it was actually someone else who pointed it out. So it was relating to the IP restrictions. In the chat Maxine has put: it's not a well-known setting, so it's worth mentioning that the "Enforce login IP ranges on every request" is very important. The two attacks happened after authentication, hence the necessity to verify the IP on every request, not only on login. Yep. That's a really good point. That's a really good point.
And I have seen that brought up in some of the discussions around this, you know, and to draw that out a little bit in case people aren't, you know, it's a fairly self-explanatory-sounding configuration, but, you know, what it means, and I used to take advantage of this, where, you know, if I signed in, you know, let's say in my office and I've, like, logged in for the first time using my VPN, but for whatever reason, I didn't wanna stay on my VPN. Right? I could then get into Salesforce and use Salesforce fine, but without the VPN access. You know, that can be convenient in some cases, but it is also a more open security risk. So yeah, that's great that he brought that out and mentioned it. So it's an excellent shout. Yeah. Well, that's all the questions that we have. We've answered everything else in the background. We've shared the links as well to the articles that you mentioned. It's been great fun in the back here because there's been some really interesting questions. So thank you. Super. Yeah. Thanks for coming on and being the voice of the webinar in the chat. So I really appreciate your help this morning and really appreciate everyone who made it out to this webinar. Super glad it came up. Hopefully, you found it useful. Make sure to sign up and watch for, you know, sign up for our newsletter. You can get notified about other webinars in the future. And with that, I wanna say thank you.